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.SPECIFICATION each of the two said parts, and means for selecting as a 
survivor from each of said multiple sets one said partial codeword on the 

basis of said distances, and for providing information indicative of 
each of said multiple survivors and its distance to subsequent said 
decoding substages of said second stage, or, if said substage is 
the final said substage, as a final output of said decoder. 

Such trellis-type decoding of lattices and codes is loss complex than 
known decoding. . . 

.a band-limited channel is encoded into a succession of codewords, and 
wherein the decoder comprises means for deciding which codeword was sent 
on the basis of a received set of values corresponding to the N-tuple 
r. In the case of lattice decoding, the lattice is equivalent to a 
24 -dimensional Leech-type lattice whose points have integer coordinates, 
and the maximum number of survivors in any substage is 2... 
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... if the generated recognition result is satisfactory. If the 

grammar-based processing in block 804 does not produce a satisfactory 
result, the best word sequence alternative derivable from the word 
lattice generated by the ngram speech recognition device 803 is defined 
as recognition result, i.e. as text message, in a post-processing unit 
represented by a block 805 on the basis of said word lattice and is 
forwarded to the output unit 208, which outputs the generated text 
message to the respective addressees. 
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. . . and its rotations are probably the shortest such vectors. With the 
paraniecer choice (1.2), this problem is identical to the problem of 
\: reakinq an NTRuENCRYlyr public key with the same parameters. 
Experiments give an estimated breaking time greater than 1012 MIPS years 
i:or the parameters (1 2). 

Another way to use lattice reduction is to try to directly locate a 
valid signature (s,t). This problem is clearly an approximate closest 
vector problem (appr-CVP) , since the... 
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Taha, Closed types as a simple approach to safe imperative multi-stage 
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variable-sized bin packing (283--295); Janos Csirik and Gerhard J. 
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Inc reduction : Public key cryptosystems based on the knapsack 
rrapdoor have been considered insecure since a polynomial time algorithm 
wris found for breaking instances of the code. In particular, the Lenstra, 
Least ra and Lovasz algorithm for producing short basis vectors of a 
lattice has proved useful in attacking the Diophantine approximation 
problems which arise in attempts to break the codes. L. O'Connor [''An 
approximation to the one-time pad''. Rep. No. 328, Dept. Comput . Sci . , 
Univ. Sydney, Sydney, 1988; per bibl . ] has proposed an interesting variant 
of the knapsack cryptosystem . Unfortunately, as will be shown, the 
Diophantine equations associated with the system fall to the short basis 

vector attack. All instances of the proposed system that have been 
generated to test the system have been broken. It seems that there are many 
sets of parameters that will generate any instance of the code, and it is 
too easy to find such a set, ' ' 
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Conference Title: Topics in Cryptology - CT-RSA 2003. Cryptographers' 
Track at the RSA Conference 2002. Proceedings 

Conference Date: 13-17 April 2003 Conference Location: San Francisco, 
CA, USA 

Language: English Document Type: Conference Proceedings (CP) 
Abstract: The following topics are dealt with: key self-protection; 
message authentication; digital signatures ; pairing based cryptography; 
multivariate and lattice problems; cryptographic architectures; RSA-based 
cryptosystems ; chosen-ciphertext security; broadcast encryption and PRE 
sharing; authentication structures; elliptic curves and pairings; threshold 
cryptography; implementation issues. 
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Journal: Designs, Codes and Cryptography vol.26, no.1-3 p. 87-96 
Publisher: Kluwer Academic Publishers, 
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Absrracu: We present a key-recovery attack against the digital 
signature algorithm (DSA) . Our method is based on the work of Coppersmith 
(1997), and is similar in nature to the attacks of Boneh et al. (2000) 
which use lattice reduction techniques to determine upper bounds on the 
size of an RSA decryption exponent under which it will be revealed by the 
attack. This work similarly determines provable upper bounds on the sizes 
of the two key parameters in the DSA for which the system can be broken. 
Specifically if about half of the total number of bits in the secret and 
ephemeral keys, assuming contiguous unknown bits in each key, are known, 
r.he system can be shown to be insecure. The same technique shows that if 
about half of the total number of bits in two ephemeral keys are known, 
again assumed contiguous unknown bits in each key, but with no knowledge of 
uhe secret key, the system can be shown to be insecure. (20 Refs) 
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Abstract: It has been proved by Nguyen and Shparlinski (to appear) that 
the digital signature algorithm (DSA) is insecure when a few 

consecutive bits of the random nonces k are known for a reasonably small 
number of DSA signatures. This result confirmed the efficiency of some 
^ '--ir : lattice atcacks designed and numerically verified by 
■• '.rriham and Smart (to appear). Here we extend the attack to the 

* : • : :'\rf;el (1 995) variants of DSA. We use a connection with the hidden 
: i.:.obieni introduced by Boneh and Venkatesan and new bounds of 

• xporioncia L sums which might be of independent interest. (23 Refs) 
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Abstract: We describe a lattice attack on the digital signature 

algorithm (DSA) when used to sign many messages, m/sub i/, under the 
assumption that a proportion of the bits of each of the associated 
ephemeral keys, y/sub i/, can be recovered by alternative techniques. (11 
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Abstract: An efficient hardware implementation is proposed for the 
optimal, computationally intensive, normalized recursive least-squares 
lattice (NLSL) adaptive filter. NLSL operation steps are optimized for 
better hardware utilization. To best match the execution steps, a combined 
processing unit for radix-2 division and square-root operations, and a 
radix-4 MSB-first multiplication unit based on signed digit (SD) arithmetic 
are proposed. The proposed NLSL implementation achieves both good area and 
time performance. The approach is shown to be better than the CORDIC 
approach, and SD arithmetic is a good choice for implementing the 
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ABSTRACT: Authors have already proposed a data embedding method based on 
the phase modulation of sampling lattice to picture coding. On this 
method, an original picture is necessary for decoding additional data 
as a standard reference information. In this paper, we positively 
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show that the new method can exactly improve error rate characteristic 
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bits are decoded correctly with the JPEG compression ratio of 17 under 
the degradation of the signal-to-noise ratio within approximately 0.1 
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Recent applications of lattice attacks against elliptic curve 
cryptosystems have shown that the protection of ephemeral keys in the ECDSA 
is of greatest importance. This paper shows how to enhance simple 
power-analysis attacks on elliptic-curve point-multiplication algorithms by 
using Markov models. We demonstrate the attack on an addition-subtraction 
algorithm (fixing the sequence of elliptic-curve operations) which is 
similar to the one described by Morain et al. in (MO90) and apply the 
method to the general addition-subtraction method described in ANSI X9.62 
(ANS99) . 

English Descriptors: Markov model; Cryptanalysis ; Elliptic curve; Digital 
signature ; Randomised algorithms; Cryptosystem 

French Descriptors: Modele Markov; Cryptanalyse ; Courbe elliptique; 
Signature numerique; Algorithme randomise; Cryptosysteme 
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1996, 

Springer, Berlin,; 363--374,, 

Series: Lecture Notes in Comput . Sci . , 1046, 

Language: English Summary Language: English 

Document Type: Proceedings Paper 

Journal Announcement: 9716 

Subfile: MR (Mathematical Reviews) AMS 

Abstract Length: MEDIUM (11 lines) 

Summary: ^ 'A minimal cutset of a tree directed from the leaves to the 
root is a minimal set of vertices such that every path from a leaf to the 
root meets at least one of these vertices. An order relation on the set of 
minimal cutsets can be defined: $U\le V$ if and only if every vertex of $U$ 
is on the path from some vertex in $V$ to the root. Motivated by the design 
of efficient cryptographic digital signature schemes, the problem of 
constructing trees with a large number of pairwise incomparable minimal 
cutsets or, equi valent ly , with a large antichain in the poset of minimal 
cutsets, is considered. ' ' 

\{For the entire collection see MR 98d:68022.\} 

Reviewer: Summary 

Review Type: Abstract 

Proceedings Reference: 98d#68022; 1 462 080 

Descriptors: '^94A60 -Information and communication, circuits- 
Cofturiunica tion, information-Cryptography (See also 11T71, 68P25) ; 06A07 - 
Order, lattices , ordered algebraic structures (See also 18B35 ) -Ordered 
sets-Combinatorics of partially ordered sets; 68P25 -Computer science (For 
papers involving machine computations and programs in a specific 
mathematical area, see Section --04 in that area) -Theory of data-Data 
encryption (See also 94A60) ; 68R10 -Computer science (For papers involving 
machine computations and programs in a specific mathematical area, see 
Section --04 in that area ) -Discrete mathematics in relation to computer 
science-Graph theory (See also OSCxx, 90B10, 90B35, 90C35 



21/5/1 (Item 1 from file: 2) 

. :Ai/K;(R) Kile 2: INSPEC 

{<:) 200A Institution of Electrical Engineers. All rts. reserv. 

5723753 INSPEC Abstract Number: C97 1 1-6130S-080 
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Author Affiliation: IBM Almaden Res. Center, San Jose, CA, USA 
Conference Title: Mathematical Foundations of Computer Science 1997. 22nd 
International Symposium, MFCS ' 97 Proceedings p. 44-51 
Editor (s): Privara, I.; Ruzicka, P. 
Publisher: Springer-Verlag, Berlin, Germany 

Publication Date: 1997 Country of Publication: Germany x+517 pp. 

ISBN: 3 540 63437 1 Material Identity Number: XX97-01900 

Conference Title: Proceedings of 22nd International Symposium on 
Machematical Foundations of Computer Science 

Conference Date: 25-29 Aug. 1997 Conference Location: Bratislava, 
Slovakia 

Language: English Document Type: Conference Paper (PA) 
Treatment: Theoretical (T) 

Abstract: We describe constructions of several cryptographic primitives, 
including hash functions, public key cryptosystems , pseudorandom bit 
generators, and digital signatures , whose security depends on the 

assumed worst-case or average-case hardness of problems involving lattices 
(26 Refs) 

Subfile: C 

Descripcors: cryptography 
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Author (s): Goldreich, 0.; Goldwasser, S.; Halevi, S. 
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Conference Title: Advances in Cryptology - CRYPTO '97. 17th Annual 
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Conference Title: Advances in Cryptology - CRYPTO '97. 17th Annual 
International Cryptology Conference. Proceedings 

Conference Date: 17-21 Aug. 1997 Conference Location: Santa Barbara, 
CA, USA 

Language: English Document Type: Conference Paper (PA) 
Treatment: Theoretical (T) 

Abstract: We present a new proposal for a trapdoor one-way function, from 
wliioh we derive public - key encryption and digital signatures . The 
security of che new construction is based on the conjectured computational 
difficulty of lattice -reduction problems, providing a possible 
alternative to existing public - key encryption algorithms and digital 
signatures such as RSA and DSS. (22 Refs) 
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Descriptors: computational complexity; data privacy; piablic key 
cryptography 

Identifiers: public - key cryptosystems; lattice reduction problems; 
trapdoor one-way function; public - key encryption; digital signatures 

; conjectured computational difficulty; RSA; DSS 

Class Codes: B6120B (Codes); C6130S (Data security); C4240C ( 
Computational complexity) 



Copyright 1997, lEE 



21/5/3 (Item 3 from file: 2) 

DIALOG (R) File 2 : INSPEC 

(c) 2004 Institution of Electrical Engineers. All rts. reserv. 

5710015 INSPEC Abstract Number: B971 1-0100-034 , C97 11-6130S-023 

Title: Advances in Cryptology - CRYPTO '97. 17th Annual International 
Cryptology Conference. Proceedings 

h:citor{s): Kaliski, B.S., Jr. 

Publisher: Spr inger-Verlag , Berlin, Germany 

Publication Date: 1997 Country of Publication: Germany xii+537 pp. 

ISBN: 3 540 63384 7 Material Identity Number: XX97-02096 

Conference Title: Advances in Cryptology - CRYPTO' 97. 17th Annual 
International Cryptology Conference. Proceedings 

Conference Date: 17-21 Aug. 1997 Conference Location: Santa Barbara, 
CA, USA 

Language: English Document Type: Conference Proceedings (CP) 

Abstract: The following topics were dealt with: complexity theory; 

cryptographic primitives; lattice -based cryptography; digital 
signatures ; cryptanalysis of public key cryptosystems ; information 

theory; elliptic curve implementation; number-theoretic systems; 
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JOURNAL NUMBER: S0817BAJ ISSN NO: 0549-5377 CODEN : NIDGA 

UNIVERSAL DECIMAL CLASSIFICATION: 681.3:654 681.3,02-759 

LANGUAGE: Japanese COUNTRY OF PUBLICATION: Japan 

DOCUMENT TYPE: Journal 

ARTICLE TYPE: Commentary 

MEDIA TYPE: Printed Publication 

ABSTRACT: Nowadays cryptography and information security plays a more and 
more important role for establishing secure information networks. In 
this paper we discuss the followings; (1) News topics such as ZKIP(Zero 
Knowledge Interactive Proof), ID base-crypto system, electronic cash 
ir. r . including brief survey on elliptic cipher, quantum cipher, 
lattice '-ipher etc. (2) Basic technologies of cryptography and 
. i.o:i security. (3) Practical aspects of the technology of 

•; yf.' oqraphy and information security such as its application to 
noi'.work security, image encryption etc. (4) Personal review on future 
Iniormation network society, (author abst.) 
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We describe constructions of several cryptographic primitives, including 
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SUMMARY: As more and more people use computer networks to exchange 
confidential data and perform business transactions, public key 
cryptography is rapidly becoming one of the most critical tools in today's 
electronic world. Using cryptography it is possible to perform many 
important tasks ranging from electronic voting, to digital contract 
signing , secure virtual conferences on public networks and many more. All 
these applications ultimately rely on the security of the underlying 
cryptographic primitives {i.e. the fundamental building blocks using which 
all other more complex cryptographic applications are built) . This research 



involves the study of computational problems from an area of mathematics 
called geometry of numbers that can be used both to design new 
cryptographic primitives, and to test old ones and assess their security. 
The investigators study the complexity of point lattices . These are 
geometric objects that can be described as the set of intersection points 
of a regular n-dimensional grid. This research involves both the 
identification of hard lattice problems, and the search for better 
algorithms to solve lattice problems that admit efficient solution. Hard 

lattice problems are subsequently used to design new cryptographic 
functions, while new lattice algorithms are used to design new 
cryptanalyt ic attacks against existing cryptographic primitives. 
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Abstract Length: LONG (68 lines) 

The 16th Conference has been reviewed [MR 98 f : 94 001 ] . \ } 
Contents: Mikael Goldmann and Mats Naslund, The complexity of computing 
hard core predicates (1--15); Eiichiro Fujisaki and Tatsuaki Okamoto, 
Statistical zero knowledge protocols to prove modular polynomial relations 
(16--30); Giovanni Di Crescenzo, Tatsuaki Okamoto and Moti Yung, Keeping 
r hr> SZK-verifier honest unconditionally (31--45); Oded Goldreich, On the 
: .r^cia E" i ons of modern cryptography (4 6--74 ); Donald Beaver, Plug and play 
-nt ■ rypE; ion (75--89); Ran Canetti, Cynthia Dwork, Moni Naor and Rafail 
i'Vs r ov:^ ky , Deniable encryption (90--104); Oded Goldreich, Shafi Goldwasser 
and .Shai Malevi, Eliminating decryption errors in the Ajtai-Dwork 
crypcosystem (105--111); Oded Goldreich, Shafi Goldwasser and Shai Halevi, 
Public - key cryptosystems from lattice reduction problems {112--131); 
Rosario Gennaro, Hugo Krawczyk and Tal Rabin, RSA-based undeniable 
signatures (132--149); Ari Juels, Michael Luby and Rafail Ostrovsky, 
Security of blind digital signatures (extended abstract) (150 — 164). 

Yuliang Zheng, Digital signcryption or how to achieve cost (signature \& 
encryption) $\11$ cost ( signature ) + cost ( encryption) (165--179); Rosario 
Gennaro and Pankaj Rohatgi, How to sign digital streams (1B0--197); 
Phong Nguyen and Jacques Stern, Mer kle-Hellman revisited: a cryptanalysis 
or che Qu-Vanstone cryptosystem based on group factorizations (198--212); 
Thomas A. Berson, Failure of the McEliece public - key cryptosystem under 
message-resend and related-message attack (213--220) ; Jean-Francois 
Misarsky, A multiplicative attack using LLL algorithm on RSA signatures 
with redundancy (221--234); D. Bleichenbacher , On the security of the KMOV 

public key cryptosystem (235--248); Chae Hoon Lim and Pil Joong Lee, A 
key recovery attack on discrete log-based schemes using a prime order 
subgroup (249--263); Adam Young and Moti Yung, The prevalence of 
kleptographic attacks on discrete-log based cryptosystems {264--276) ; 
Mihir Bellare, Shafi Goldwasser and Daniele Micciancio, ''Pseudo-random'' 
number generation within cryptographic algorithms: the DDS case 
(277--291); Christian Cachin and Ueli Maurer, Unconditional security 
against memory-bounded adversaries (292--306) . 

Ueli Maurer and Stefan Wolf, Privacy amplification secure against active 
:.i7(, .'-ya ries (307--321); Moni Naor and Benny Pinkas, Visual authentication 



and identification (322--336); Gilles Brassard, Quantum information 
processing: the good, the bad and the ugly (337 — 341); Jorge Guajardo and 
Christof Paar, Efficient algorithms for elliptic curve cryptosystems 
(342--356); Jerome A. Solinas, An improved algorithm for arithmetic on a 
family of elliptic curves (357--371); Tsuyoshi Takagi, Fast RSA-type 
rrypLOsys terns using $n$-adic expansion (372--384); Johannes Buchmann and 
.\r. Pa I! [us, A one way funccion based on ideal arithmetic in number 

• :.• : Shlomi Dolev and Rafail Ostrovsky, Efficient anonymous 

- :s* ,.::.d reception {expended abstract) (395--409); Jan Camenisch and 
:r-. ..'-a^iier, Efficient group signature schemes for large groups 
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Proactive RSA (440--454); Ran Canetti, Towards realizing random oracles: 
hash functions that hide all partial information (455--469); Mihir Bellare 
and Phillip Rogaway, Collision-resistant hashing: towards making UOWHFs 
practical {470--484); Lars Knudsen and Bart Preneel, Fast and secure 
hashing based on codes (485--498); Jovan Dj . Golic and Renato Menicocci, 
Edit distance correlation attack on the alternating step generator 
(499--512); Eli Biham and Adi Shamir, Differential fault analysis of secret 
key cryptosystems (513--525); David Wagner, Bruce Schneier and John Kelsey, 
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DOCUMENT TYPE: Journal 
ARTICLE TYPE: Original paper 
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ABSTRACT: A key selection encoding method which carried out encoding by 

opening multiple cipher keys to public and by selecting any one of key 
among them, was proposed. When there is the alternative of the cipher 
key, ambiguity can be generated, which makes the decoding of the cipher 
difficult. In a NAPZAP cipher including the vector which is not a 
super-increase to be used as noise, decoding rate in LLL ( lattice 
basis reduction ) algorithm lowers, and higher safety than before can 
be obtained. 
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ABSTRACT 

PROBLEM TO BE SOLVED: To prevent alteration about a negotiable instrument 
or che like. 

SOLUTION: Glyph marks 21 are formed as a fine pattern on a substrate 24. 
The glyph marks 21 are comprised of slash-like glyphs 22 arranged in a 
lattice shape, and in the glyphs 22, there are forward slashes 
representing '1' and backward slashes representing '0'. Binary values are 
represented by combining both forward and backward slashes. Decoding the 
glyph marks 21 creates a glyph code pattern 25. By using the glyph code 
pattern, a payor's signature is digitized, encrypted , made to be a glyph 
and embedded on the front surface of a check. When the check is presented 
to a bank for payment, a teller using a decoding device, decodes the 
digitized signature, and sees a human-readable image of the digitized 
signature on a screen for comparison with the payor's handwritten 
signature. 
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METHOD AND DEVICE FOR EVALUATING SECRECY SAFETY OF SECRET KEY IN PUBLIC 
KEY CIPHERING SYSTEM 
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ABSTRACT 

PROBLEM TO BE SOLVED: To evaluate secrecy safty of a public key and a 
secret key used in a public key ciphering system based on the 

difficulty of factorization in prime factors like an RSA ciphering system 
by high-speed arithmetic processing. 

SOLUTION: According to this evaluation method, the secrecy safty of a 
secrer. key is evaluated by judging a composite number z, regarding the 
composite number z consisting of a product of large prime factors x, y 
forming a secret key and composing a public key , as factor candidate 
lattice points Pmn adopting the prime factor values as plane coordinates, 
performing remainder arithmetic calculation for the composite number z with 



an arbitrary prime number pn as the modulus and selecting a factor 
candidate evaluation selecting lattice point Q35 from many factor 
candidaue lattice points Pmn, setting a hyperbola presenting z=x.y and a 
searching straight line passing through the factor candidate evaluation 
soler:. i ng lattice point Q35, setting the grandient of the searching 
svraiqhu line brought to close the straight line gradient of a local line 
segmenu of the hypabola in the neighborhood of the factor candidate 
evaluation selecting lattice point Q35 to be searched, expanding the 
searched range by searching it while sequentially calculating whether or 
not the intersection point of the above hypabola and the searching straight 
line matches with the factor candidate evaluation selecting lattice point 
Q35, and being based on the expansion result of the searched range. 
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ABSTRACT 

PURPOSE: To enable a logical element to become a high speed one, by 
controlling output current by changing wavelength of electron waves while 
constant current is made to flow inside the element. 

CONSTITUTION: A barrier layer is formed of semiconductor having larger 
gap energy than bases 1 and 2. For example, this can be realized by 
using Al(sub x) Ca(sub 1-x) As to perform lattice matching and to obtain 
hetero structure having different gap energy. The gap layer is made to be 
O'lO-lOOO anqscroms or so thick. Periodical structure is formed of layers 
energy changes in lattice shapes formed between the barrier and 
hase 2. The gap energy difference needs to be approximately switching 
• :;,rijt' (0.05V) or more, and the thickness of the layer needs to be the one 
;-0-100 angstroms ) in which tunnel current becomes fully small, when 
foward bias is applied between an emitter and a base 1, electrons are 
injected into the base 1, and then constant current depending on diffusion 
flows toward the other-sided base 2. At that time, voltage is applied 
between the bases 1 and 2 to control electron speed, that is, wavelength. 
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Lattice particle cipher counterfeit-proofing method 
Patent Assignee: LIAO Y (LIAO-I) 
Inventor: LIAO Y 

Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 



CN 1455366 A 20031112 CN 2002116052 A 20020503 200411 B 



Priority Applications (No Type Date) : CN 2002116052 A 20020503 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
CN 1455366 A G06K-009/00 

Abstract (Basic) : CN 1455366 A 

NOVELTY - The invention relates to the method for anti false 
product by using the anti false labeling printed according to the anti 
false information composed of the characters of fine particles 
contained in the paper made from specific material and the 
individualized digital cipher code of the product. The information 
said above is input, stored and processed in measured description by 
Che computer. The consumer can check the quantity of the fine particles 
in the grid of the label directly, or through telephone, networked 
computer, fax validate the information of the cipher code from the 
database so asto reach the goal of validating whether the product is 
true or false. 
DwgNo 0/0 
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Signing and verifying digital document using NTRU or convolution 
modular lattic vector crypotgraphic system whereby a signatory's private 
key provides a short generating basis for an NTRU lattice 

Patent Assignee: NTRU CRY PTOS YSTEMS INC (NTRU-N) 

Inventor : HOPFSTEIN J; HOWGRAVE-GRAHAM N A; PIPHER J C; SILVERMAN J H; 

WHYTE W J 

N,:;;'ber oi Councries: 096 Number of Patents: 002 
Pacenc Farnily: 

Patent: No Kind Date Applicat No Kind Date Week 

WO 200350998 Al 20030619 WO 2002US38640 A 20021206 200346 B 
US 20030120929 Al 20030626 US 2001338330 P 20011207 200355 

US 2002313082 A 20021206 



Priority Applications (No Type Date) : US 2001338330 P 20011207; US 

2002313082 A 20021206 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 

WO 200350998 Al E 54 H04L-009/30 

Designated States (National) : AE AG AL AM AT AU AZ BA SB BG BR BY BZ CA 

CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS 
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ZW 

US 20030120929 Al H04L-009/00 Provisional application US 2001338330 



Abstract (Basic) : WO 200350998 Al 

NOVELTY - Involves using the signatory's private key as a short 
generating basis for an NTRU (convolution modular) lattice and 
thier public key as a much longer generating bais for the same 
lattice . The signature on a digital document is a vector in the 
lattice with three properties: it is attached to the digital 
iiicuinenc is signed , it demonstrates an ability to solve a general 



closest vector problem in the lattice , and that a private vector of a 
general NTRU lattice can be used first to construct a complete short 
basis for the lattice . 

USE - To sign and verify a digital document. 

ADVANTAGE - Provides straightforward linkage between the signature 
and the closest vector problem in the underlying NTRU lattice . 

DESCRIPTION OF DRAWING (S) - The drawing shows a flow diagram of the 
method . 
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Quantum dot photon source for e.g. optical quantum cryptography has 
quantum dot excited by pulsed radiation source related to the 
recombination and relaxation times of the dot 

Patent Assignee: TOSHIBA RES EURO LTD (TOKE ) 
Inventor: HOGG R A; SHIELDS A J 

Number of Countries: 001 Number of Patents: 002 
Patent Family: 

Patent: No Kind Date Applicat No Kind Date Week 

-;F5 2377551 A 20030115 GB 9927690 A 19991123 200326 B 

GB 200224125 A 20021016 
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Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 

GB 2377551 A 61 HOlL-033/00 Div ex application GB 9927690 

GB 2377551 B HOlL-033/00 Div ex application GB 9927690 

Abstract (Basic): GB 2377551 A 

NOVELTY -■ The quantum dot photon source comprises: (a) a quantum 
rio'-. ; and (b) means for supplying carriers, comprising incident 
rc:c: i a t: .i on pulsed at specific times to exciting, a predetermined number 
r\ rr-.fL'iecs into first and second energy levels to allow recombination 
■vL carriers in quantum dot to emit at least one photon. The quantum dot 
is encapsulated between two layers having a different lattice 
constant to the quantum dot. 

DETAILED DESCRIPTION - The pulse of the excitation radiation has a 
duration which is less than the relaxation time of a carrier which it 
excites in the quantum dot. The time between leading edges of 
successive pulses is greater than the recombination time of an electron 
and a hole in a quantum dot . The incident radiation has a predefined 
polarization. The pulsed radiation can be a continuous wave laser diode 
that whereby the quantum dot filter is modulated through an AC energy 
source or the radiation source can be a pulsed laser diode. 

USE - The single photon source can be used for optical quantum 
cryptography or for optical imaging, spectroscopy, laser ranging and 
metrology . 

ADVANTAGE - The single photon source is configured to allow 
emission of a predetermined number of photons at predetermined times. 
These sources have a reduced shot noise. 

DESCRIPTION OF DRAWING (S) - The drawing shows a single photon 



emitter in accordance with an embodiment of the present invention 
located within a resonant cavity, 
pp; 61 DwgNo 4/22 
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Security assessment procedure secret key in communication network, 
involves detecting search lines with gradient near hyperbola area, to set 
search range and accordingly lattice points are estimated 

Patent Assignee: UNIV KANAZAWA KOGYO (UYKA-N) 

Number of Countries: 001 Number of Patents: 001 

Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

JP 2001042767 A 20010216 JP 99246047 A 19990727 200126 B 

Priority Applications (No Type Date): JP 99246047 A 19990727 
Pa cent Details: 

Pacene No Kind Lan Pg Main IPC Filing Notes 
JP 2001042767 A 11 G09C-001/00 

Abstract (Basic) : JP 2001042767 A 

NOVELTY - The search lines (LIO) extending along the selected 
factor classification lattice points {Q35,Q52) distributed on the 
evaluation graph is identified. The search line with gradient near the 
hyperbola area is detected and accordingly enlarged search range is 
set. The lattice points along the detected line are estimated 
relevant to search range, to evaluate key security. 

DETAILED DESCRIPTION - The evaluation factor classification 
lattice points (Pmn) are computed by synthesizing the maximum prime 
numbers (>:,y) of key. The value of each lattice point is estimated, 
r-isec:' on the coordinates of each point. The planar coordinates of the 
lattice points is estimated using positional information of each point 
r.i.'vi relation Z is equal to xy where z is synthetic number value. 
Hyperbola is drawn along the points based on the relation, to obtain 
several lines. An INDEPENDENT CLAIM is also included for security 
assessment apparatus of secret key. 

USE - For evaluating security of secret keys used in encryption 
management of communication network used for electronic commercial 
transactions . 

ADVANTAGE - The key security is judged correctly and 
quantitatively, by enlarged search algorithm. 

DESCRIPTION OF DRAWING (S) - The figure shows the graph representing 
the search line evaluation procedure. (The drawing includes non-English 
language text ) . 

Search lines (LIO) 
Lattice points (Q35,Q52) 
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Periodically deciphered anti-faking printings and preparation thereof 

Pa-cen-c Assignee: BAOZHEN SCI & TECHNOLOGY DEV CO LTD GUAN (BAOZ-N) 

I r.v^-nLor : CHEN J 
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v'N 123b096 A 19991117 CN 99104584 A 19990423 200013 B 

Priority Applications (No Type Date) : CN 99104584 A 19990423 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
CN 1235096 A 1 B41M-003/00 

Abstract (Basic) : CN 1235096 A 

NOVELTY - An antiforge printed article deciphered in instalments 
on the basis of reproducing the colour and layers of normal printed 
articles and playing the antiforge role of netted antiforge printed 
articles. Different cipher units are distributed in lattices at 
different regions on pages, with its print plate made up by the 
computer . 

USE - An antiforge printed article for resisting against 
counterfeits . 

ADVANTAGES - High antiforge power, easy recognition, and very high 
potential power for resisting against counterfeits. 
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Cryptographic communication system - has cryptographic communication 
system with mechanism for generating public key and private key, 
based on worst case, with mechanism for executing cryptographic 
communication protocol using keys 
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Abstract (Basic) : US 5737425 A 

The cryptographic communication system comprises a communication 
channel. There is a mechanism for generating a public key and a 
corresponding private key, based on an instance of a problem. The 
problem is difficult to solve in the worst case. The instance of the 
problem being difficult to solve is commensurate with the difficulty of 
Che worst case solution of the problem. 



There is a mechanism for carrying out a cryptographic 
communication protocol using the public and private keys generated, 
with another cryptographic communication system, over the 
communication channel. The mechanism for generating, which includes the 
public key generator, preferably includes a lattice . 
USE - For cryptography and cryptosys terns . 

ADVANTAGE - Provides system with security based on difficulty of 
worst case problem. 
Dwg . 1/7 
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Encryption and decryption system for distributing MIDI files - 

involves encrypting MIDI streams at source and decrypting them only 

within downloaded integral decrypters -MIDI-decoders 
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Abstract (Basic) : WO 9802876 A 

A Co thin film for magneto-optical recording is made of a material 
having a large polar rotation angle in an ultraviolet region to achieve 
high density recording. A Co thin film (14) is vacuum deposited on an 
Si substrate with a Cu seed layer (12) therebetween. The orientation of 



the Si substrate is (100) or (111) . The thicknesses of the Cu seed 
layer (12) and the Co thin film (14) are both approx. 100 nm. The Co 
thin film (14) is a single crystal thin film having a face-centred 
cubic lattice structure with an orientation of (100) or (111) . Such a 
Co thin film (14) has a polar rotation angle of maximum 0.4 deg. in the 
ultraviolet wavelength region of 200-230 nm. 
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Image coding method and apparatus - generates output images from weighted 
sums of input image, weights are sets of two-dimensional irreducible 
coefficients 
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Abstract (Basic) : WO 9119271 A 

Projection apparatus (900) for coding two-dimensional array IM 
includes a device (905) for storing a 2 x 2 matrix S. Modulus of det S 
greater than 1 and S maps any lattice point in a Z-dimensional 
lattice into another point in the lattice . A second storage device 
(906) stores a set of irreducible sealing coefficients (am) having a 
multiplier M = modulus of det S. A receiving device (907) receives the 
two-dimensional data array. 

A further device (904) generates a low-frequency data array Vm 
wherein Vm = (EK aK I sm + K) /M and K runs over all values for which aK 
is not zero. A device outputs the low-frequency data array. 

ADVANTAGE - Uses orthonormal transformation of image utilising 
basis functions with support that is small compared to size of 
image. Compression ratio may be selected in increments other than 
factors of four. (68pp Dwg. No. 9/12) 
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Speech enciphering method for transmission over conventional channel - 
has linear prediction analysis circuit which models input speech spectrum 
in form of digitised coefficients describing all-pole model 
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Abstract (Basic): GB 2133255 A 

The appts. has an analog to digital converter (11) for digitising 
the speech signals. A linear prediction analysis device (12) derives 
digital coefficients relating to predetermined characteristics of the 
digitised signals. The digitised signals are applied to a filter which 
is weighted with the coefficients. The output of the filter is applied 
to an inverse filter which is weighted with the scrambled 
coefficients . 

The output of the inverse filter is applied to a digital to analog 
converrcer (16). The scrambler and unscrambler allow an operator to 
sei: the key stream. The filters are identical adaptive lattice 
filters. The scrambler and descrambler also effect a simple binary 
addition without carry of the predetermined binary key stream to the 
digital coefficients. 

USE - For police mobile radio intended to be secured against casual 
eavesdropping . 
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Surface acoustic wave device - incorporates K coupled pairs of auxiliary 

direction couplers in auxiliary acoustic waveguides with reflecting 
lattice in each and includes auxiliary reflecting structure in each 
principal and auxiliary acoustic waveguide 

15/TI/22 (Item 5 from file: 350) 

i. K) F i ] e 350: (c) 2004 Thomson Derwent . All rts. reserv. 

Image coding method and apparatus - generates output images from weighted 
sums of input image, weights are sets of two-dimensional irreducible 
coefficients 

15/TI/23 (Item 6 from file: 350) 

DIALOG (R) File 350: (c) 2004 Thomson Derwent. All rts. reserv. 

Heteroepitaxial multilayers with reduced lattice mismatch - prepd. by ion 
implantation to create defects and amorphi sing -boundary of layers 

15/TI/24 (Item 7 from file: 350) 

DIALOG (R) File 350: (c) 2004 Thomson Derwent. All rts. reserv. 

High quality character generator - outputs projection start command to 
filling section in response to end signal from projection section 

15/TI/25 (Item 8 from file: 350) 

DIALOG (R) File 350: {c) 2004 Thomson Derwent. All rts. reserv. 

Monitoring occurrence of fire - measuring propagation speed of ultrasonic 
waves through channels between transmitters and receivers 

15/TI/26 (Item 9 from file: 350) 

!:.!:AL0G (R) File 350: (c) 2004 Thomson Derwent. All rts. reserv. 

N-dimensional modular multiprocessor lattice architecture - has system of 
modules interconnected using dual port memories each dedicated solely to 
interchange of information between two modules 

15/TI/27 (Item 10 from file: 350) 

DIALOG (R) File 350: (c) 2004 Thomson Derwent, All rts. reserv. 

Photoelectric displacement detector with optical lattice - has subsidiary 
optical lattice divided into sections by phase dividing frame and light 
receivers corresp . to divided lattices 

15/TI/28 (Item 11 from file: 350) 

DIALOG (R) File 350: (c) 2004 Thomson Derwent. All rts. reserv. 

Frame structure for skeletons and inner fitting - has closed triangular 
bracket, whose shank centre lines brace rectangular pyramid side surfaces 



15/TI/29 (Item 12 from file: 350) 

DIALOG ( R) File 350: (c) 2004 Thomson Derwent. All rts. reserv. 

Heat-resistant polybutadiene-polys tyrene-carboxyl latex - contg. phenolic 
antioxidant and semi-ester of sulphosuccinic acdi with ethoxylated 
alcohol 



15/TI/l (Item 1 from file: 347) 

DIALOG (R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

PATTERN FORMING METHOD AND ELECTRON BEAM EXPOSURE DEVICE 



15/TI/2 (Item 2 from file: 347) 

DIALOG (R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

METHOD AND DEVICE FOR IMAGE EFFECT 



15/TI/3 (Item 3 from file: 347) 

DIALOG (R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

MOVING POINT LOCUS MEASURING METHOD, MOVING POINT LOCUS MEASURING DEVICE, 
IMAGE PROCESSING METHOD, IMAGE PROCESSING DEVICE, COMPUTER-READABLE 
RECORDING MEDIUM WITH MOVING POINT LOCUS MEASURING PROGRAM RECORDED 
THEREON, AND MOVING POINT LOCUS MEASURING PROGRAM 



15/TI/4 (Item 4 from file: 347) 

DIALOG (R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

METHOD AND DEVICE FOR INTERPOLATING SPACE DATA, AND ANIMATION MAKING METHOD 



15/TI/5 (Item 5 from file: 347) 

DIALOG{R)File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

METHOD AND APPARATUS FOR INSPECTION OF SCANNING OPTICAL UNIT 



15/TI/6 (Item 6 from file: 347) 

OlALOG (R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

CEREBRAL EQUI POTENTIAL DIAGRAM FORMING APPARATUS AND CERBRRAL EQUIPOTNTIAL 
CONVERTER 



15/TI/7 (Item 7 from file: 347) 

DIALOG(R)File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

DEVICE FOR REARING ANIMAL 



15/TI/8 (Item 8 from file: 347) 

DIALOG (R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

PRESUMING METHOD FOR CURRENT SOURCE OF VITAL ORGANISM ACTIVITY 



15/TI/9 (Item 9 from file: 347) 

DIALOG (R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

PRESUMING METHOD FOR CURRENT SOURCE OF VITAL ORGANISM ACTIVITY 



15/Tl/lO (Item 10 from file: 347) 

DIALOG {R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

X-RAY DIAGNOSTIC DEVICE 



15/TI/ll (Item 11 from file: 347) 

DIALOG (R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 



MAGNETIC HEAD DRIVING DEVICE 



15/TI/12 (Item 12 from file: 347) 

DIALOG (R) File 347: {c) 2004 JPO & JAPIO. All rts. reserv. 



SPHERE TEXTURE MAPPING DEVICE 



15/TI/13 (Item 13 from file: 347) 

DIALOG(R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

IMPROVED THERMAL STENCIL PAPER 



15/TI/14 (Item 14 from file: 347) 

; lMJ)GiR) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

OPTICAL AUTOMATIC POSITIONING APPARATUS 



15/TI/15 (Item 15 from file: 347) 

DIALOG (R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

OPTICAL DISPLACEMENT DETECTOR 



15/TI/16 (Item 16 from file: 347) 

DIALOG(R)Fiie 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

METHOD AND APPARATUS FOR SETTING GAP BETWEEN FIRST AND SECOND OBJECTS TO 
PREDETERMINED VALUE 



15/TI/17 (Item 17 from file: 347) 

DIALOG(R) File 347: (c) 2004 JPO & JAPIO. All rts. reserv. 

OPTICAL DISPLACEMENT DETECTOR 



15/TI/18 (Item 1 from file: 350) 

DIALOG (R) File 350: (c) 2004 Thomson Derwent . All rts. reserv. 

Aluminum material as matrix material for forming composites of e.g., 
mechanical devices e.g., compressor section of gas turbine engine, 
includes solid solution matrix containing specified amount of aliiminum 
alloy 



15/TI/19 (Item 2 from file: 350) 

DIALOG (R) File 350: (c) 2004 Thomson Derwent. All rts. reserv. 

Integrated tablet input appts . with liquid crystal display - includes 
position detecting function and display function with liquid-crystal 
display in matrix form with insulating substrate, scanning lines running 
parallel to substrate 



15/TI/20 (Item 3 from file: 350) 

DIALOG{R) File 350: (c) 2004 Thomson Derwent. All rts. reserv. 

Semiconductor device - has two semiconductor bases bonded together with 
their crystal structure differing from each other in section that is 
perpendicular to bonding surface 
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42/5/1 (Item 1 from file: 8) 

■•: ' r : : 3:Ei Cornpendex ( R) 

^ Fi.sev.ier Eng. ' Info. Inc. All rts. reserv. 

'JblAblAA E.I. No: EI P02397 1 07 087 

Title: Combining problem structure with basis reduction to solve a class 
of hard integer programs 

Author: Louveaux, Quentin; Wolsey, Laurence A. 

Corporate Source: INMA CORE Universite catholique de Louvain, 
Louvain-la-Neuve, B-1348, Belgium 

Source: Mathematics of Operations Research v 27 n 3 August 2002. p 
410-AQ4 

Publication Year: 2002 

CODEN: MOREDQ ISSN: 0364-765X 

Language: English 

Document Type: JA; (Journal Article) Treatment: T; (Theoretical) 
Journal Announcement: 0209W5 

Abstract: Recently Aardal et al . (2000) have successfully solved some 
small, difficult, equality-constrained integer programs by using basis 
reduction to reformulate the problems as inequality-constrained integer 
programs in a different space. Here, we adapt their method to solve 
integer programs that are larger but have special structure. The practical 
problem motivating this work is a variant of the market share problem. 
More formally, the problem can be viewed as finding a matrix X is a member 
of the set of Double-struck Z //+**m**n satisfying XA = C, BX = D, where A, 
B, C, D are matrices of compatible dimensions, and the approach requires us 
lO find a reduced basis of the lattice script L = left brace X is a member 
r>:- the set of Double-struck Z -^-^m^^ multiplied by *^n: XA = 0, BX = 0 
r.i::hf brace . The main topic of this paper is a study of the lattice script 
L . i. L is shown that an integer basis of script L can be obtained by 
•caking the Kronecker product of vectors from integer bases of two much 
smaller lattices . Furthermore, the resulting basis is a reduced basis 
if the integer bases of the two small lattices are reduced bases 
and a suitable ordering is chosen. Finally, some limited computational 
results are presented showing the benefits of making use of the problem 
structure. 12 Refs. 

Descriptors: ^Integer programming; Problem solving; Vectors; Computation 
theory; Matrix algebra; Set theory; Theorem proving; Algorithms 

Identifiers: Polynomial algorithms 

Classification Codes: 

921.5 (Optimization Techniques); 921.1 (Algebra); 721.1 (Computer 
Theory (Includes Formal Logic, Automata Theory, Switching Theory & 
Programming Theory)); 921.4 (Combinatorial Mathematics, Includes Graph 
Theory, Set Theory) 

921 (Applied Mathematics); 721 (Computer Circuits & Logic Elements) 
92 (ENGINEERING MATHEMATICS); 72 (COMPUTERS & DATA PROCESSING) 



42/5/7 (Item 1 from file: 144) 

DIALOG (R) File 144: Pascal 

(c) 2004 INIST/CNRS. All rts. reserv. 

14725050 PASCAL No.: 00-0401244 

The complexity of some lattice problems 

ANTS- IV : algorithmic number theory : Leiden, 2-7 July 2000 

i-'^;oMA Wieb, ed 

:)eparcment of Computer Science and Engineering, State University of New 
York, Buffalo, NY 14260, United States 

Algorithmic number theory. International symposium, 4 (Leiden NLD) 
2000-07-02 

Journal: Lecture notes in computer science, 2000, 1838 1-32 
ISBN: 3-540-67695-3 ISSN: 0302-9743 Availability: INIST-16343; 
354000087639230010 

No . of Ref s . : 66 ref . 

Document Type: P (Serial); C (Conference Proceedings) ; A (Analytic) 
Country of Publication: Germany 
Language: English 



We survey some recent developments in the study of the complexity of 
certain lattice problems. We focus on the recent progress on complexity 
results of intractability. We will discuss Ajtai's worst-case/average-case 
connections for the shortest vector problem, similar results for the 
closest vector problem and short basis problem, NP-hardness and 

non-NP-hardness , transference theorems between primal and dual lattices 
, and application to secure cryptography. 



45/5/2 (Item 1 from file: 65) 

DIALOG (R) File 65: Inside Conferences 

(c) 2004 BLDSC all rts. reserv. All rts. reserv. 

03867151 INSIDE CONFERENCE ITEM ID: CN040653880 
The Two Faces of Lattices in Cryptology 
Nguyen, P. Q.; Stern, J. 

CONFERENCE: Cryptography and lattices-International conference; 1st 

LECTURE NOTES IN COMPUTER SCIENCE, 2001; VOL 2146 P: 146-180 

New York, Springer, 2001 

ISSN: 0302-9743 ISBN: 3540424881 

LANGUAGE: English DOCUMENT TYPE: Conference Revised papers 
CONFERENCE EDITOR (S) : Silverman, J. H. 
CONFERENCE SPONSOR: Brown University 

CONFERENCE LOCATION: Providence, RI 2001; Mar (200103) (200103) 

BRITISH LIBRARY ITEM LOCATION: 5180.185000 
NOTE: 

Also known as CaLC 2001 
DESCRIPTORS: cryptography ; CaLC 



45/5/3 (Item 1 from file: 2) 

DIALOG (R) File 2 : INSPEC 

(c) 2004 Institution of Electrical Engineers. All rts. reserv. 

■;':68991 INSPEC Abstract Number: B2004 -03- 6120D-08 6, C2004-03-6130S-183 
Title: C rrypuocomput ing with rationals 
A'.iLhor{s): Fouque, P. -A.; Stern, J.; Wackers, G.-J. 
Auchor Affiliation: DCSSI Crypto Lab., Paris, France 

Conference Title: Financial Cryptography. 6th International Conference, 
FC 2002. Revised Papers (Lecture Notes in Computer Science Vol.2357) p. 
136-46 

Editor (s) : Blaze, M. 

Publisher: Spr inger-Verlag , Berlin, Germany 

Publication Date: 2003 Country of Publication: Germany viii-f299 pp. 

ISBN: 3 540 00646 X Material Identity Number: XX-2003-00822 

Conference Title: Financial Cryptography. 6th International Conference, 
FC 2002. Revised Papers 

:::.'!'! rerence Dace: 11-14 March 2002 Conference Location: Southampton, 
Bermuda 

Language: English Document Type: Conference Paper (PA) 
Treatment: Theoretical (T) 

Abstract: In this paper we describe a method to compute with encrypted 
rational numbers. It is well-known that homomorphic schemes allow 
calculations with hidden integers, i.e. given integers x and y encrypted 

in xi (xO and xi (y), one can compute the encrypted sum xi (x+y) or the 

encrypted product xi (kx) of the encrypted integer x and a known 
integer k without having to decrypt the terms xi (x) or xi (y) . Such 

cryptosystems have a lot of applications in electronic voting schemes, 
lottery or in multiparty computation since they allow to keep the privacy 
of the terms and return the result in encrypted form. However, from a 
f. rac'Lical poinc of view, it might be interesting to compute with rationals. 

:nsrant:e, a lot of financial applications require algorithms to compute 
w: ; :: rational values instead of integers such as bank accounts, electronic 
rses In order to make payments or micropayment s , or secure spreadsheets. 
We present here a way to solve this problem using the Paillier 

cryptosystem which offers the largest bandwidth among all homomorphic 
schemes. The method uses two -dimensional lattices to recover the 
numerator and denominator of the rationals. Finally we implement this 
technique and our results in order to build an encrypted spreadsheet 
showing the practical possibilities of the homomorphic properties applied 
on rationals. (23 Refs) 
Subfile: B C 

Descriptors: cryptography ; Gaussian processes; rational functions 
Identifiers: cryptocomputing ; rationals; encrypted rational numbers; 
homomorphic schemes; encrypted sum; encrypted product; encrypted 
integer; cryptosystems ; electronic voting scheme; lottery; multiparty 



computation; financial applications; bank accounts; electronic purses; 
secure spreadsheets; Paillier cryptosystem ; two -dimensional lattices ; 
encrypted spreadsheet 

Class Codes: B6120D (Cryptography); C6130S (Data security); C4130 ( 
Interpolation and function approximation (numerical analysis)) 

Copyright 2004, lEE 



45/5/4 (Item 2 from file: 2) 

DIALOG (R) File 2: INSPEC 

(c) 2004 Institution of Electrical Engineers. All rts. reserv. 

7130209 INSPEC Abstract Number: B2002-02-62 lOL-001 , C2002-02-5620-001 

Title: An encryption approach to digital communication by using 
spatiotemporal chaos synchronization 

Author(s): Kuang Jing-Yu; Deng Kun; Huang Rong-Hai 

Author Affiliation: Dept. of Electron., Beijing Normal Univ., China 
Journal: Acta Physica Sinica vol.50, no. 10 p. 1856-61 
Publisher: Chinese Phys. Soc, 

\ :r.] i ':a'\ion Da'Le: 2001 Councry of Publication: China 
■•.:-'>;: >;:.H!.-AR ISSN: 1000-3290 
- : : .;; .)-. :290 (2001 } 50 : lOL. 1856: EADC; 1-7 

w:.i:.-rldl Idencity Number: A27 9-200 1 -02 1 
language : Chinese Document Type: Journal Paper (JP) 
Treaiiinent: Theoretical (T) 

Abstract: An encryption approach to digital communication by using 
spatiotemporal chaos synchronization is proposed. Two one-way coupled map 

lattice (OCOML) systems driven by a chaotic signal are synchronized. The 
chaotic outputs of the OCOML systems serve as the encryption and 

decryption J<eys and the main secret key is a set of coupling parameters 
of the OCOML. The advantages of the cryptosystem are its high 
communication efficiency, higher level of security and easy implementation 
by software. An example of duplex real-time voice communication between two 
computer users is described. (18 Refs) 
Subfile: B C 

Descriptors: chaos; computer networks; cryptography ; digital 
communication; synchronisation; telecommunication security; voice 

communica t ion 

Identifiers: encryption approach; digital communication; spatiotemporal 
chaos synchronization; one-way coupled map lattice systems; chaotic signal; 
chaotic outputs; OCOML systems; decryption keys; coupling parameters; 
communication efficiency; security; duplex real-time voice communication; 
computer users 

Class Codes: B6210L (Computer communications); B6120D (Cryptography); 
C5620 (Computer networks and techniques) 
Copyright 2002, lEE 



45/5/5 (Item 3 from file: 2) 

:v:.A:.OG (R) File 2 : INSPEC 

i^:) 200A Institution of Electrical Engineers. All rts. reserv. 

6307951 INSPEC Abstract Number: CI 999-09-4 24 OC-024 
Title: Some recent progress on the complexity of lattice problems 

Author(s): Jin-Yi Cai 

Author Affiliation: Dept. of Comput . Sci. & Eng., State Univ. of New 

York, Buffalo, NY, USA 

Conference Title: Proceedings. Fourteenth Annual IEEE Conference on 

Computational Complexity (Formerly: Structure in Complexity Theory 

Conference) (Cat .No. 99CB36317) p, 158-7 8 

Publisher: IEEE Comput. Soc, Los Alamitos, CA, USA 

Publication Date: 1999 Country of Publication: USA x+241 pp. 

ISBN: 0 7695 0075 7 Material Identity Number: XX-1 999-01 8 69 

U.S. Copyright Clearance Center Code: 0 7695 0075 7/99/$10.00 

Conference Title: Proceedings. Fourteenth Annual IEEE Conference on 

Computational Complexity. (Formerly: Structure in Complexity Theory 

Conference ) 

Conference Sponsor: IEEE Comput. Soc. Tech. Committee on Math. Found. 



Comput.; ACM SIGACT; EATCS 

Conference Date: 4-6 May 1999 Conference Location: Atlanta, GA, USA 
Language: English Document Type: Conference Paper (PA) 
Treacment: Theoretical (T) 

Abstract: We survey some recent developments in the study of the 
complexity of lattice problems. After a discussion of some problems on 
iaccices which can be algorithmically solved efficiently, our main focus is 
the recent progress on complexity results of intractability. We discuss 
Ajtai's worst-case/average-case connections, NP-hardness and 

non-NP-hardness , transference theorems between primal and dual lattices 
, and the Ajtai-Dwork cryptosystem . (62 Refs) 

Subfile: C 

Descriptors: computational complexity; cryptography 

Identifiers: complexity; lattice problems; intractability; NP-hardness; 
T) or; - N!^- ha rdness ; transference theorems; cryptosystem 

" ! :ss Codes: C^240C (Computational complexity); C1260C (Cryptography 
• -ry); C6130S (Data security) 

:-c.pyrJqht 1993, lEE 



45/5/6 (Item 4 from file: 2) 

DIALOG (R) File 2:INSPEC 

(c) 2004 Institution of Electrical Engineers. All rts. reserv. 

5862657 INSPEC Abstract Number: B9804 -6120B-280, C9804 -6130S-053 
Title: Finding small roots of univariate modular equations revisited 

Author (s): Howgrave-Graham, N. 
Author Affiliation: Bath Univ., UK 

Conference Title: Cryptography and Coding, 6th IMA International 
Conference. Proceedings p. 131-42 
Editor (s) : Darnell, M. 

Publisher: Spr inger-Verlag , Berlin, Germany 

Publication Date: 1997 Country of Publication: Germany 334 pp. 
ISBN: 3 540 63927 6 Material Identity Number: XX97-01681 

Conference Title: Proceedings of Cryptography 

Conference Date: 17-19 Dec. 1997 Conference Location: Cirencester, UK 
Language: English Document Type: Conference Paper (PA) 
Treatment: Theoretical (T) 

Abstract: An alternative technique for finding small roots of univariate 
modular equations is described. This approach is then compared with that 
taken in Coppersmith (1996), which links the concept of the dual lattice 
(Cassels, 1971) to the LLL algorithm (Lenstra et al., 1982). Timing 
results comparing both algorithms are given, and practical considerations 
are discussed. This work has direct applications to several low-exponent 
attacks on the RSA cryptographic scheme. 



48/5/4 (Item 3 from file: 2) 

DIALOG (R) File 2 : INSPEC 

(c) 2004 Institution of Electrical Engineers. All rts. reserv. 

651 2531 TNSPEC Abstract Number: B2000-04 - 61 20D-01 8 , C2000-04-1260C-012 
Title: Generating hard instances of the short basis problem 
AuL hoc is) : Aj cai, M . 

Auchor Affiliation: IBM Almaden Res. Center, San Jose, CA, USA 

Conference Title: Automata, Languages and Programming. 26th International 
Colloquium, ICALP'99. Proceedings {Lecture Notes in Computer Science 
Vol.1644) p. 1-9 

Editor{s): Wiedermann, J.; van Emde Boas, P.; Nielsen, M. 

Publisher: Springer-Verlag, Berlin, Germany 

Publication Date: 1999 Country of Publication: Germany xiv+718 pp. 

ISBN: 3 540 66224 3 Material Identity Number: XX-1999-02197 

Conference Title: Proceedings of ICALP'99: 26th International Colloquium 
on Automata, Languages, and Programming 

Conference Date: 11-15 July 1999 Conference Location: Prague, Czech 
Republic 

l,,anquaqe: English Document Type: Conference Paper (PA) 
Treaument:: Theoretical (T) 

Abscract: A class of random lattices is given in [1] so that: (a) a 
random lattice can be generated in polynomial time together with a short 
vector in it; and (b) assuming that certain worst-case lattice problems 
have no polynomial time solutions, there is no polynomial time algorithm 
which finds a short vector in a random lattice with a polynomially large 
probability. We show that lattices of the same random class can be 
generated not only together with a short vector in them, but also together 
with a short basis . The existence of a known short basis may make 
the construction more applicable for cryptographic protocols. (7 Refs) 

Subfile: B C 

Descriptors: computational complexity; cryptography ; data structures; 
probability; protocols 

Identifiers: hard instances; short basis problem; random lattices ; 
polynomial time; short vector; probability; cryptographic protocols 

Class Codes: B6120D (Cryptography); B0240Z (Other topics in statistics); 
B6150M (Protocols); C1260C (Cryptography theory); C4240C (Computational 
complexity); C1140Z (Other topics in statistics); C5640 (Protocols) 

Copyright 2000, lEE 
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DIALOG (R) File 34 : SciSearch ( R) Cited Ref Sci 
(c) 2004 Inst for Sci Info. All rts. reserv. 

104^15253 Genuine Article#: 526ZV Number of References: 31 
Title: On the design of RSA with short secret exponent 

r,\.r Yicr :s) : Sun HM (REPRINT) ; Yang WC; Laih CS 

^/otporane Source: Natl Cheng Kung Univ, Dept Comp Sci & Informat Engn, Tainan 
7Q1//Taiwan/ (REPRINT); Natl Cheng Kung Univ, Dept Comp Sci & Informat 
Engn, Tainan 701//Taiwan/ ; Natl Cheng Kung Univ, Dept Elect Engn, Tainan 
701//Taiwan/ 

Journal: JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, 2002, V18, Nl (JAN 
), Pl-18 

ISSN: 1016-2364 Publication date: 20020100 

Publisher: INST INFORMATION SCIENCE, ACADEMIA SINICA, TAIPEI 115, TAIWAN 
Language: English Document Type: ARTICLE 
Geographic Location: Taiwan 

Journal Subject Category: COMPUTER SCIENCE, INFORMATION SYSTEMS 
Abstract: Based on continued fractions Wiener showed that a typical RSA 

system can be totally broken if its secret exponent d < N-0.25 where N 
is the RSA modulus. Recently, based on lattice basis reduction, Boneh 
and Durfee presented a new short secret exponent attack which improves 
Wiener's bound up to d < N-0.292. In this paper we show that it is 
possible to use a short secret exponent which is lower than these 
bounds while not compromising the security of RSA, provided that p and 
q differ in size and are large enough to defend against factoring 
algorithms. As an example, an RSA system with d of 192 bits, p of 256 



bits, and q of 768 bits is secure against all the existing short secret 
exponent attacks, On the other hand, in order to balance between and 
minimize the overall computation of encryption and decryption , we 
propose a secure variant of RSA such that both e and d are the same 
size, log(2)e approximate to log(2)d approximate to 568 for a 1024-bit 
RSA modulus. Moreover, a generalization of this variant is presented 
for designing the RSA system with log{2)e + log(2}d approximate to 
(log(2)N) + l(k) where l(k) is a predetermined constant, e.g., 112. 
Compared with a typical RSA system in which e is the same order of 
magnitude as N if d is first selected, these variants of RSA have the 
advantage that the overall computation can be significantly reduced. As 
an example, we can construct a secure RSA system with p of 256 bits, q 
of 768 bits, d of 256 bits, and e of 880 bits. 
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Title: Generalized compact knapsacks, cyclic lattices, and efficient 
one-way functions from worst-case complexity assxamptions 

Author: Micciancio, Daniele 

Corporate Source: University of California, San Diego, La Jolla, CA 
92093-0114, United States 

Conference Title: The 34rd Annual IEEE Symposium on Foundations of 
Computer Science 

Conference Location: Vancouver, BC, Canada Conference Date: 
20021116-20021119 

Sponsor: IEEE Computer Society TCMF 
E.I. Conference No.: 60622 

Source: Annual Symposium on Foundations of Computer Science - Proceedings 
2002. p 356-365 

Publication Year: 2002 

CODEN: ASFPDV ISSN: 0272-5428 

[_,cingu3qe: English 

!)ocumenc Type: CA; {Conference Article) Treatment: T; (Theoretical) 
Journal Announcement: 0302W1 

Abstract: We study a generalization of the compact knapsack problem for 
arbitrary rings: given m = O(log n) ring elements a//l, a//m is a 

member of the set of R and a target value b is a member of the set of R, 
find coefficients x//l, x//m is a member of the set of X (where X is 

a subset of R of size 2**n) such that Sigmaa//ix//i = b. The computational 
complexity of this problem depends on the choice of the ring R and set of 
coefficients X. This problem is known to be solvable in quasi polynomial 
time when R is the ring of the integers and X is the set of small integers 
left brace 0, . . . , 2**n - 1 right brace . We show that if R is an 
appropriately chosen ring of modular polynomials and X is the subset of 
polynomials with small coefficients, then the compact knapsack problem is 
as hard to solve on the average as the worst case instance of 
approximating the covering radius (or the length of the shortest vector, 
or various other well known lattice problems) of any cyclic lattice 
within a polynomial factor. Our proof adapts, to the cyclic lattice 
setting, techniques initially developed by Ajtai for the case of general 
lattices. 34 Ref s . 

Descriptors: Optimization; Computational complexity; Algorithms; Set 
theory; Polynomials; Cryptography ; Security of data; Probability 

Identifiers: Compact knapsack problem; Cyclic lattices; Worst-case 
average-case connection; One-way functions 

Classification Codes: 

921.5 (Optimization Techniques); 721.1 (Computer Theory (Includes 
- ' ':ic3 ! Locj.ic, Aucomata Theory, Switching Theory & Programming Theory)); 

■ . /-'oinpucer Programming); 921.4 (Combinatorial Mathematics, Includes 
:: :i'r. Theory, Sen Theory); 921.1 (Algebra); 723.2 (Data Processing) 

(Applied Mathematics); 721 (Computer Circuits & Logic Elements); 
/23 (Computer Software, Data Handling & Applications) 

92 (ENGINEERING MATHEMATICS); 72 (COMPUTERS & DATA PROCESSING) 
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Title: Linear phase paraunitary filter bank with filters of different 
lengths and its application in image compression 

Author: Tran, Trac D.; Ikehara, Maasaki; Nguyen, Truong Q. 
Corporate Source: Univ of Wisconsin, Madison, WI , USA 

Source: IEEE Transactions on Signal Processing v 47 n 10 1999. p 
2730-2744 

Publication Year: 1999 

CODEN: ITPRED ISSN: 1053-587X 

Language: English 



Document Type: JA; (Journal Article) Treatment: T; (Theoretical) 
Journal Announcement: 0002W1 

Abstract: In this paper, the theory, structure, design, and 
implementation of a new class of linear-phase paraunitary filter banks 
(LPPUFB's) are investigated. The novel filter banks with filters of 
different lengths can be viewed as the generalized lapped orthogonal 
transforms (GenLOT's) with variable-length basis functions. Our main 
motivation is the application in block-transform-based image coding. 
Besides having all of the attractive properties of other lapped orthogonal 
transforms, the new transform takes advantage of its long , overlapping 
basis functions to represent smooth signals in order to reduce blocking 
artifacts, whereas it reserves short basis functions for high-frequency 
signal components like edges and texture, thereby limiting ringing 
ariiiLacts. Two design methods are presented, each with its own set of 
,:;ivr!n L aqes : The [first is based on a direct lattice factorization, and the 
second eniforces certain relationships between the lattice coefficients 
=.o .Vocain variable length filters. Various necessary conditions for the 
e>;isLence of meaningful solutions are derived and discussed in both cases. 
Finally, several design and image coding examples are presented to confirm 
the validity of the theory. (Author abstract) 23 Refs. 

Descriptors: ^Signal filtering and prediction; Image compression; 
Electric network synthesis; Electric network analysis; Mathematical 
transformations; Functions; Image coding; Image enhancement 

Identifiers: Linear phase paraunitary filter banks; Generalized lapped 
orthogonal transforms 

Classification Codes: 
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716 (Radar, Radio & TV Electronic Equipment); 741 (Optics & Optical 

Devices); 723 (Computer Software); 703 (Electric Circuits); 921 (Applied 
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Year: 1999 

Corporate Source/Institution: STATE UNIVERSITY OF NEW YORK AT BUFFALO ( 
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Major Professor: JIN-YI CAI 
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PAGE 4060. 134 PAGES 
Descriptors: COMPUTER SCIENCE 
Descriptor Codes: 0984 

Two natural notions of hardness of computational problems are 
<i iialioworst-case hardness</i tal ic> which measures how hard the hardest 
instance of a problem is, and <italic>average-case hardness</italic> which 
is a measure of how hard it is to solve a randomly given instance. While 
i:he former is the more traditional notion, it might be argued that it is 
the latter that truly captures the complexity of the problem. From a 
cryptographic viewpoint too, it is the average-case complexity that is 
important . 

This dissertation studies the connection between the two notions of 
complexity for specific problems, particularly ones involving 
<i ta lic>latt ices</italic> . The most important such problem is the Shortest 
Vector Problem (SVP) : Given a lattice, compute a shortest non-zero vector 
in it. We improve upon a result of Mikl&oacute ; s Ajtai who proved that the 
average-case hardness of this problem over a certain class of lattices was 



equivalent to the worst-case hardness of other lattice problems. Since 
these latter problems are thought to be hard in the worst-case, this says 
that the SVP on that class is hard on average. This is significant for the 
security of a future cryptosystem based on the SVP. We also present a 
worst-case hardness result for the SVP, proving that it is NP-hard to find 
an approximately short vector in a given lattice. 

A graph-theoretic application of lattices is also shown. The graphs 
considered are called <italic>circulant graphs</italic> and the problem is 
to find a shortest loop in such a graph. With every circulant graph is 
associated a lattice and finding a shortest loop in the graph is the same 
as linding a shortest vector in the lattice. This enables us to apply 
lactice cechniques to study the complexity of this problem. 

Finally, moving away from lattices, we show that a <italic>hierarchy 
</italic> exists for a probabilistic complexity class under certain 
hardness assumptions. The assumptions are worst-case, but for a hierarchy 
theorem to be proved, average-case hardness is required. We make use of 
standard techniques to effect the conversion. This once again underlines 
the usefulness of a connection between these two kinds of computational 
complexity . 
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DEGREES OF GROBNER BASES OF INTEGER PROGRAMS 
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This thesis is about the complexity of Grobner bases of integer 
f-'rocwrams. Given the family of integer programs$$ { \rm minimize }\ 
cx : Ax^b, \quad x\in { \bf N}\sp{n}$$as the right-hand-side vector b varies, 
we suudy the associated toric ideal and its Grobner bases with respect to 
cerni orders induced by the cost vector c. In Chapter 2 we discuss possible 
ways of bounding the degrees of reduced Grobner basis elements of toric 
ideals. The size of these elements is an important complexity measure in 
commutative algebra and algebraic geometry as well as integer programming. 
We develop two techniques to improve the existing bounds for the reduced 
Grobner basis elements. One of them relies on giving bounds on the Hilbert 
basis elements of certain polyhedral cones, and the other one depends on 
counting lattice points in a lattice polytope. 

Chapter 3 presents a connection between the group relaxation in 
integer programming and localizations of initial ideals of the associated 
'nr\c ideal. We identify the integer programs in the above family which 

;rnoL be solved by the group relaxation as those programs which correspond 
' ' he embedded primes of the initial ideal. This correspondence gives an 
rj 1 ^jo I Lhiii iio compute reduced Grobner bases of toric ideals. This algorithm 
is different from Buchberger's algorithm. Furthermore, a certain covering 
of the standard monomials of the initial ideals gives a combinatorial 
definition for another complexity measure called arithmetic degree. We give 
tight bounds for arithmetic degrees of initial ideals of one-dimensional 
toric ideals. 

In Chapter 4 we answer a question posed by Batyrev. The question is 
concerned with the number of primitive collections of certain polyhedral 
fans which correspond to smooth complete projective toric varieties. We 
provide an example where this number is exponential in the codimension of 
the associated toric variety. The same example gives a toric ideal which 
has a reduced Grobner basis with exponentially many elements even though 
the initial ideal is square-free. 

In the final chapter we present GRIN, a software that we developed for 
computing Grobner bases of toric ideals. This implementation of 



Buchberger's algorithm is tailored for the toric ideals. In particular, we 
show two different approaches to compute the Grobner basis of a toric ideal 
by making short / successive Grobner basis computations. 
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Title: Linear-response theory and lattice dynamics: a muff in- tin-orbital 
approach 

Author{s): Savrasov, S.Y. 

Author Affiliation: Max-Planck-Inst . fur Fest korperf orschung , Stuttgart, 

Germany 

Journal: Physical Review B (Condensed Matter) vol.54, no. 23 p. 

; ^-^6 

: .:;-;h^-:-; APS chrough AIP, 

i- .: .:,;.,Mon Dace: 15 Dec. 1996 Country of Publication: USA 
rvDvlU: PRBMDO ISSN: 0163-1829 

SICI : 0163-1829 (19961215) 54 : 2 3L . 1 64 7 0 : LRTL; 1-A 
Macerial Identity Number: P279-97005 

U.S. Copyright Clearance Center Code: 0163-182 9/96/54 (23 ) /16470 (17 ) /$10 
Document Number: 50163-1829(96)05348-9 

Language: English Document Type: Journal Paper (JP) 
Treatment: Theoretical (T) 

Abstract : A detailed description of a method for calculating static 
linear-response functions in the problem of lattice dynamics is presented. 
The method is based on density- functional theory and it uses linear 
muffin-tin orbitals as a basis for representing first-order corrections to 
the one-electron wave functions. This makes it possible to greatly 
facilitate the treatment of the materials with localized orbitals. We 
derive var iationally accurate expressions for the dynamical matrix. We also 
show that large incomplete- basis -set corrections to the first-order 
changes in the wave functions exist and can be explicitly calculated. Some 
useful hints on the k-space integration for metals and the self -consistency 
problem at long wavelengths are also given. As a test application we 
calculate bulk phonon dispersions in Si and find good agreement between our 
results and experiments. As another application, we calculate lattice 
dynamics of the transition-metal carbide NbC . The theory reproduces the 
major anomalies found experimentally in its phonon dispersions. The theory 
also predicts an anomalous behavior of the lowest transverse acoustic mode 
along the ( xi xi 0) direction. Most of the calculated frequencies agree 
within a few percent with those measured. (49 Refs) 

Subfile: A 

Descriptors: density functional theory; elemental semiconductors; 
muffin-tin potential; niobium compounds; phonon dispersion relations; 
silicon; wave functions 

Identifiers: static linear-response functions; lattice dynamics; 
density-functional theory; linear muffin-tin orbitals; first-order 
corrections; one-electron wave functions; localized orbitals; k-space 
integration; metals; self -consistency ; bulk phonon dispersions; transverse 
acoustic mode; Si; NbC 

Class Codes: A6310 (General theory of lattice dynamics and crystal 
statistics); A6320D (Phonon states and bands, normal modes, and phonon 
dispersion ) 

Chemical Indexing: 

Si el (Elements - 1) 

NbC bin - Nb bin - C bin (Elements - 2) 
Copyright 1997, lEE 
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Auchor{s): Lovasz, L. 

Auuhor Affiliation: ELTE TTK Math. Inst., Budapest, Hungary 

Conference Title: Theory of Algorithms p. 323-37 

Editor (s): Lovasz, L. ; Szemeredi, E. 

Publisher: North-Holland, Amsterdam, Netherlands 

Publication Date: 1986 Country of Publication: Netherlands 430 pp. 
ISBN: 0 AAA 87760 6 

Conference Date: 16-21 July 1984 Conference Location: Pecs, Hungary 
Language: English Document Type: Conference Paper (PA) 
Treatment: Theoretical (T) 

Abstract:: There are two kinds of algorithmic problems: firstly one, may 
:^olve vc:rious problems for lattices given by a basis (e.g. finding a 
shortest lattice vector); secondly one may try to find a basis in a 
laccice defined in some other way. In the paper the author concentrates on 
the second kind of lattice problem. Among others, he proves that in a 
lattice given by a separation oracle with some mild additional information, 
a basis can be found in polynomial time. {11 Refs) 

Subfile: C 

Descriptors: algorithm theory; graph theory 

Identifiers: algorithmic problems; lattices; algorithmic problems; basis; 
separation oracle; polynomial time 

Class Codes: C1160 (Combinatorial mathematics); C4240 (Programming and 
algorithm theory) 
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Technology Dept. 

Corp. Source Codes: 100628015; 9800727 
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1991 74p 
Languages: English 
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Geochemical computer programs have found increasing use as modelling 
tools for prediction of the changes occurring when a complicated chemical 
system is subjected to chemical perturbations. The aim was to compare 
calculations directly with laboratory experiments, to validate the computer 
program used and its database with experimental results obtained under 
controlled conditions and in this way certify the usefulness of predictive 
modelling. Experimental results obtained by equilibrating solid CaCO(sub 
3), MgCO(sub 3) (basic) and their mixture with different aqueous solutions 
■"^:-t-?n con-caining trace amounts of radioactive Europium as an indicator of 
i.'i.^oi'pL ion phenomena are presented. In summary geochemical computer 
:.io':;rains are useful in deciphering experimental data. The exact 
L he rmodynamic values to be ascribed to e.g. minerals are influenced by 
particle size, by content of impurities and of other lattice defects, 
which may amount for a 'correction' up to 0.5 kcal/mole. It was experienced 
that unless the sampling procedures and laboratory practice are known for 
field data, the interpretation of comparative calculations shall be done 
with some hesitation. It is important not to neglect the possibility for 
long term changes in adsorption characteristics due to the formation of new 
surface phases. It was found that the original Davies equation served 
becter in the interpretation of experimental data than the now recommended 
icnn and chat for higher salt: concentrations the decrease in the activity 
'ji water has co be taken inco account. (AB) . 

Oescripuors: "^'Geochemistry ; Bench-Scale Experiments; Computer 



'Calculations; Forecasting; Petroleum Geology; Validation 

Identifiers: *Foreign technology; ^Computerized simulation; EDB/020200; 
NTISDEE 

Section Headings: AQF (Natural Resources and Earth Sciences--Geology and 
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Physiochemical aspects of tubulin-interacting antimitotic drugs 
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Department of Biochemistry, University of Mississippi Medical Center, 
Jackson, MS 39216, United States; School of Nursing, University of 
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Journal: Current pharmaceutical design, 2001, 7 (13) 1213-1228 
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250 words) : A diverse group of natural biological compounds bind to 
microtubules and suppress microtubule dynamics. Here we review the 
mechanism of microtubule assembly and dynamics as well as structural 
features that are important for nucleotide binding, GTP hydrolysis and 
stabilization of longitudinal and lateral protof ilament contacts. Specific 
emphasis is placed upon the polar structure of the microtubule, the 
exposure of the nucleotide hydrolysis site at the + end and the 
conformational and conf igura tional plasticity of the microtubule lattice. 
These features have important implications for the mechanism of dynamic 
instability and the disruptive action of antimitotic drugs. We then discuss 
the various classes of tubulin binding drugs emphasizing their site and 
mode of binding as well as the structural and energetic basis for their 
effects on microtubule assembly and dynamics. A common feature of 
tubulin-interacting compounds is a linkage to assembly, either the 
stabilization of a microtubule lattice by compounds like taxol or 
epothilone A, or the preferential formation of alternate lattice 
contacts and polymers at microtubule ends by compounds like colchicine, 
vinca alkaloids and cryptophycin -52. Finally, we explore the likely 
possibility that these drugs also disrupt the regulation of microtubule 
dynamics. Future generations of these compounds may be selectively 
developed to directly target the proteins that regulate mitotic spindle 
ciy naai i. cs . 

; ; r i ptors : Paclitaxei; Review; Tubulin; Microtubule; Molecular 

r^.:"- i.cn; Ancimi totic ; Ancineoplast ic agent; Mechanism of action; 
a r ciynamics; Binding site; Taxane derivatives 

French Descriptors: Colchicine; Paclitaxei; Article synthese; Tubuline; 
Microtubule; Interaction moleculaire; Antimitotique; Anticancereux; 
Mecanisme action; Dynamique moleculaire; Site fixation; Taxane derive 
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SUMMARY: An algebraic surface of type K3 is a 2-dimensional analog of an 
elliptic curve. It is characterized by the property that its tangent bundle 
is not trivial but the first Chern class is trivial. Its group of algebraic 
automorphisms is a discrete group sometimes infinite sometimes finite and 
its structure is closely related to the structure of the orthogonal group 
of the the Picard group of divisor classes equipped with the intersection 
product . The structure of the automorphism group of a complex K3 surface is 
well understood thanks to the availability of trascendental methods based 
on the study of the integration of a holomorphic 2-form on the surface over 
transcendental cycles. No such methods are available in the case when the 
ch^i racterist ic of the ground field is positive. In the proposal the 
principal. investigator outlines several new approaches to the study of 
n.'ncrphisrn groups of K3 surfaces over such fields. Some of them based on 
• .si.udy of possible automorphisms of finite order which will allow to 
.xiinpuLe Che character of the group in its representation on 1-adic 
vjonomology. Other approaches use the relationship between the Picard 
lattice and the 24 -dimensional Leech lattice. The principal investigator 
will also study some applications to coding theory and cryptology related 
to K3 surfaces over a finite field. The study of symmetries of mathematical 
structures is one of the most important and oldest problems in mathematics. 
A symmetry group of a Riemann surface or an algebraic curve is now well 
understood. Much less is known about symmetries of higher dimensional 
algebraic varieties. The principal inverst igator proposes such study for a 
C-l.ass of algebraic surfaces known as K3 surfaces which are two-dimensional 
anal.ogs of elliptic curves. The symmetry groups of K3 surfaces are related 
to symmetry of other objects, for example lattices in hyperbolic 
spaces and convex polyhedra . Many known abstract infinite and finite groups 
admit a beautiful realization as symmetry groups of K3 surfaces. 
Applications of symmetry groups of elliptic curves over finite fields to 
coding theory and cryptology is well known. It is expected that the 
knowledge of symmetry groups of K3 surfaces over finite field will find new 
applications to these theories. 
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ABSTRACT: 

The authors calculate the per-dimension mean squared error micro (S) of the 
uwo-scate convolutional code C with generator matrix (1,1 + D) , for the 
symmetric binary source S = (0,1), and for the uniform source S = (0,1). 
When S = (0,1), the quantity micro(S) is the second moment of the coset 
weight distribution, which gives the expected Hamming distance of a random 
binary sequence from the code. When S - (0,1), the quantity micro (S) is the 
second moment of the Voronoi region of the modulo 2 binary lattice 



(:iet:errnined by C. The key observation is that a convolut ional code with 
2Je>:p v) states gives 2{exp v) approximations to a given source sequence, 
and Lhese approximations do not differ very much. It is possible to 
calculate the steady state distribution for the differences in these path 
metrics, and hence, the second moment. In this paper the authors shall only 
give details for the convolutional code (1,1 + D) , but the method applied 
to arbitrary codes. The authors also define the covering radius of a 
convolutional code, and calculate this quantity for the code (1,1 + D) . 

DESCRIPTORS: WEIGHTING FUNCTION; CIPHERING -- ENCRYPTION ; CONVOLUTIONAL 
CODE; INFORMATION THEORY; MARKOV CHAIN; RANDOM PROCESS 

IDENTIFIERS: HAMMING DISTANZ; TRELLIS QUANTI SI ERUNG ; Konvolut ionscode 
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A detailed description of a method for calculating static 
linear-response functions in the problem of lattice dynamics is presented. 
The method is based on density-functional theory and it uses linear 
muffin-tin orbitals as a basis for representing first-order corrections to 
the one-electron wave functions. This makes it possible to greatly 
facilitate the treatment of the materials with localized orbitals. We 
derive variationally accurate expressions for the dynamical matrix. We also 
show that large incomplete- basis -set corrections to the first-order 
changes in the wave functions exist and can be explicitly calculated. Some 
useful hints on the k-space integration for metals and the self-consistency 
problem at long wavelengths are also given. As a test application we 
calculate bulk phonon dispersions in Si and find good agreement between our 
results and experiments. As another application, we calculate lattice 
dynamics of the transition-metal carbide NbC . The theory reproduces the 
major anomalies found experimentally in its phonon dispersions. The theory 
also predicts an anomalous behavior of the lowest transverse acoustic mode 
.:!onq uhe {(xi) (xi) 0) direction. Most of the calculated frequencies agree 
within a few percent with those measured. (Copyright) 1996 The American 
Physical Society. 

PACS: -^^l.lO.-w, 63.20.Dj, 77.90.+k 

Descriptors: LATTICE DYNAMICS ; CALCULATION METHODS ; DENSITY FUNCTIONAL 
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Abstract Length: MEDIUM (18 lines) 

Quantum teleportat ion consists of the transport of a quantum state from 
one physical system to another using a previously entangled state. The 
original teleportat ion protocol proposed by C. H. Bennett et al. [Phys. 
Rev. Letc, 70 (1993), no. 13, 1895--1899; MR 94a:81004] involves a 
measurement capable of discriminating between Bell states, and therefore 
i c is irreversible due to the collapse of the quantum state after such a 
measuremenc. However, S. L. Braunstein [Phys. Rev. A 53 (1996), no. 3, 
1S00--1902] showed that quantum teleportat ion can be performed without any 
irreversible detection if the detector is considered as a quantum system, 
the state of which is not read out. In this paper, this method is 
implemented to teleport an unknown state of a neutral atom in an optical 
lattice to another atom in another part of the lattice . This proposal 
is based on the procedure proposed by D. Jaksch et al. [Phys. Rev. Lett. 82 
(1999), no. 9, 1975--1978] to entangle neutral atoms in a controlled way by 
using cold collisions between them. 
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A self-dual quinary code of length 24 is used to construct the Leech 
lattice. The proof is based on a study of the Lee weight enumerator of the 
code. The existence of another construction of the Leech lattice using 
(special) self-dual codes of length 24 over prime fields is conjectured. 
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Let $\scr A=(A, {\bf F})$ be a (universal) algebra having the 
meet-semi-lattice with zero $ (A, Xwedge, 0) 5 as a reduct . A partitioning base 
$S$ of $\scr A$ is a subset of $A$ such that (i) $S$ generates $\scr A$, 
and (ii) if $a,b$ are in $S$, then $a\wedge b\in\ { 0, a, b\ } $ . The main result 
of the paper is that a Boolean lattice, i.e., a bounded complemented 
distributive lattice, has a partitioning base if and only if it is 
countable. On the other hand, there are bounded distributive lattices 
and Boolean algebras (i.e.. Boolean lattices to which complementation has 
been added as a fundamental operation) having partitioning bases of 
arbitrarily large cardinality. 
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Combinatorics is a widely studied branch of mathematics nowadays, 
enriched with a vast number of new results and still offering a great 
variety of open problems. One of the main difficulties in combinatorial 
research is the lack of systematic theory. The authors of this book 
consider combinatorial geometry as a discipline that may be able to play a 
unifying role in the further development of the whole combinatorial theory. 
In L-.h(=* present (preliminary) edition the authors attempt to give a brief 
. :-w- y or line recent state of combinatorial geometry. Apart from a few new 
;■:•■.! s Mie Investigations are mainly expository, centered around the 
: ; :^;v%^ L nq problems: axiomatics of combinatorial geometry, description of 

'imp Les , maps between geometries, coordinat ization theory, matching theory 
and 'che critical problem. The notion of combinatorial geometry (introduced 
in $\S$ 2) arises as a generalization of the geometry of point-sets in 
finite dimensional projective spaces. Let $S$ be any set admitting a 
closure relation that is a function $A\rightarrow\overline A$ defined for 
all subsets $A\subseteq S$ such that $A\subseteq\overline A$ and that 
$A\subseteq\overline B$ implies $\overline A\subseteq\overline B$ for any 
two subsets $A, B$ of $S$; $S$ is then called a closure space. A closure 
relation on $S$ has the exchange property if for any two elements $a,b\in 
S$ and any subset $A\subseteq S$, the relations $a \in\overline { A\cup b}$ 
and $a\not \in\overline A$ imply that $b\in\overline { A\cup a}$. A closure 
relation on $S$ has finite basis if and only if any subset $A\subseteq S$ 
contains a finite subset $A\sb fXsubseteq A$ such that $\overline A\sb 
f=\overline A$ . A combinatorial geometry $G(S)$ is a closure space 
consisting of a set $3$ and a closure relation with finite basis and the 
exchange property such that the empty set is closed and $\overline a=a$ for 
all elements $a\in S$. The study of combinatorial geometries is justified 
by the fact that a great variety of combinatorial structures are 
combinatorial geometries; some of them are subsets of projective 
geometries, while others are of completely different origin. Six classical 
examples of combinatorial geometries are described in $\S$ 3; furthermore, 
simplicial geometries are considered, with the idea of developing a new 



'approach to combinatorial topology (see $\S$ 6) . The closed subsets, or 
fiats of a combinatorial geometry $G(S)$ form a lattice $L(S)$; hence 
combinatorial geometries can be studied from a lattice theoretic point of 
view. The lattice $L(S)$ is called a geometric lattice and is characterized 
as a semimodular point lattice without infinite chains {a chain of a 
lattice is any linearly ordered subset of $L$) . In a geometric lattice each 
flat $x$ has a well-defined $\text { rank } \ , r (x) $ equal to the length of any 
maximal chain from $ \over line\ varphi$ to $x$; the rank function satisfies 
Lhe relation $r (x) +r (y) \geq r(x\wedge y)+r(x\vee y)$. Properties of the 
r^jTik Hp.d other lattice theoretic tools for the investigation of 
.K-f nr,.-'t. r ies are investigated ($\S$ 2) together with the internal structure 

; ..u- o;nei. ries ($\S$ 4). Many of the results have converses that yield 
' -ha rcici: e r:i za i: ions of certain geometries. Interesting characterizations of 
L.-eornecries are obtained from cryptomorphic versions of geometries (see 
$\S$ 5) . (Two mathematical theories are cryptoniorphic whenever the basic 
notions of each can be identified with concepts of the other in such a way 
that both theories admit the same propositions.) The Whitney rank function 
on a set ($\S$ 5, pp. 5.12--5.13) and its generalizations (the semimodular 
functions; see $\S$ 7) are applied to construct new examples of geometries. 
Maps between geometries are introduced ($\S$ 9) generalizing the notion of 
a linear transformation in vector spaces. The study of invariants of the 
categories is initiated. $\S$ 10 contains a fundamental result about single 
point extensions of geometries: Given a geometry $G(S)$ all geometries 
$G\sp \ast=G(S\cup s)$ are constructed having one additional point $s$ such 
i:hat: the points of $G\sp \ast$ different from $S$ form a geometry 
isomorphic to $G$ . In $\S$ 11 orthogonality of geometries on finite sets is 
considered, following Whitney who introduced orthogonality in his 
applications of geometries in graph theory (the authors use the term 

orthogonality instead of duality a term previously used in this 

connection). One of the most developed sections of combinatorial geometry 
is the representation (or coordinat ization ) of geometries, treated in $\S$ 
15. The problem of representation can be interpreted in the following way: 
Given a geometry $G(S)$ on a set $S$, find a module $M$ over an integral 
domain $R$, a set $S\sb 1$ of submodules of $M$ generated by single 
elements, and a one-to-one map of $S$ onto $S\sb 1$ inducing an isomorphism 
OL' the geometry $G{S)$ onto the set $S\sb 1$ in terms of ordinary linear 
depef^.dence (nor the notion of linear dependence see Part 2 of $\S$ 3). A 
::;eLhod is established for representing certain geometries as function space 
<:eoiiie L r les (function space geometries are defined in $\S$ 3). Finally, the 
aLiLhors consider two fields of problems that they intend to investigate in 
their future research: matching theory and the critical problem. Most of 
the '^minimax'' theorems of combinatorial theory (such as the marriage 
theorems, Dilworth's theorem, the max-cut min-flow theorem of Ford and 
Fulkerson) can be generalized to combinatorial geometries. These 
generalizations form the subject of the matching theory. Without giving 
details about the whole theory, the authors restrict themselves to a new 
proof of the following generalization of the classical marriage theorem of 
P. Hall and R. Rado ($\S$ 8): ''In a combinatorial geometry $G(S)$ on a set 
$S$ consider $n$ subsets $A\sb 1 , \cdots , A\sb n$ . A necessary and sufficient 
condition for the existence of an independent set of $n$ distinct elements 
$(x\sb 1, \cdots, x\sb n) $ where $x\sb i\in A\sb i$, $i=l , \cdot s , n$ , is that 
$(A\sb {j\sb l}\cup A\sb {j\sb 2 } \cup\cdot s\cup A\sb {j\sb k})\geq k$ for 
any subfamily $A\sb {j\sb l},A\sb {j\sb 2 } , \cdots , A\sb {j\sb k}$ of the 
sets $A\sb i$. The critical problem is stated only for chain groups over 
finite fields (introduced in $\S$ 3): ''In the $n$-dimensional vector space 
$V\sb n$ over the Galois Field $\text { GF } ( q) $ let $S$ be any subset of 
points not containing the origin. Find the minimal number $c$ of projective 
hyperplanes $H\sb 1 , \cdots , H\sb k$ such that the intersection $H\sb l\cap 
H\sb 2\cap\cdots\cap H\sb c\cap S$ is the empty set.'' ($\S$ 16) The 
connection between the critical problem and the problem of coloring of 
graphs is explained. The authors believe that the critical problem provides 
a new ''setting'' for the study of the coloring problem with the required 
level of natural generality ($\S$ 1). In their opinion a systematic study 
of the critical problem should start with problems much simpler than the 
coloring problem. They hope that in this way techniques can be developed 
that may lead to solutions of general problems. The book is supplied with a 
detailed bibliography on the subject. There are some misprints in this 
preliminary version of the text. 
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in 1934 Tdrylor explained the plastic deformation of metals on the basis 
or ci is location cheory, A lot of work followed in both the macroscopic and 
ni Lcroscopic fields. The present book treats dislocation theory from the 
continuum view point. 

The continuum theory of dislocations has played an important role in 
bridging the gap between the phenomenological and atomic theories of 
plasticity. The author rightly says that this theory can be considered a 
significant contribution to scientific research in this century. The book 
follows the lines of R. Grammel ' s collection ''Verformung und Fliessen des 
Fest korper s ' ' [Springer, Berlin-Gottingen-Heidelberg, 1956; MR 19, 336], 
which treats both the mechanical and mathematical aspects, on the one hand, 
and the solid state physics aspect on the other. 

The physical ideas of edge and screw dislocations, slip vector and glide 
planes, Burger's vector and the analogy between thermal (included here 
under the type called quasi-plastic) deformation and plastic deformation 
are explained, with figures, in the introduction. 

The relations between the geometry of deformation and the dislocations 
is treated in the first chapter. After explaining the connection between 
Volterra's distortion and dislocations and proving that the lines of 
dislocation must either be closed loops or must end at the surfaces only, 
the author introduces the total (elastic and plastic) distortion tensor 
$ ( \overline\beta\sp T)$ as $ds\sb j { } \sp T=\beta\sb {ij}{}\sp Tdx\sb i$. 
Using the condition that connectivity of the body is preserved, it is 
shown that $\text { Rot } \ , \overline\beta\sp T=0$ . Defining dislocation 
density as $\overline\alpha= ( \alpha\sb { i j } ) =- \text { Rot ) \ , \beta \sp p$ 
(where $ \overline\beta\sp p$ is plastic component of $\overline\beta\sp 
TGI, Lhe basic geometric equation of continuum mechanics 

S\ove:: line\alpha = \text { Rot } \, \overline\beta$ is deduced ($ \overline\beta$ 
boin/^ the elastic component). Since it is the moving dislocations that 
Ccjuse slip and hence plastic flow, a tensor $N\sb {ijk}$ is introduced to 
represent the movement of $\alpha\sb {jk}$ dislocations in the 
$i$-direction, $j=k$ and $j\neq k$ giving screw and edge dislocations. 

Then follows the decomposition of distortion into components as gradient 
and curl of two parts and further into the form $$ \nabla\sb iS\sb 
j { } ' -\varepsilon\sb { ikl } \varepsilon\sb { jmn } \nabla\sb k\nabla\sb mi\sb 
{ln}+\theta\sb {ij }=\text {Grad } \ , \overline s+\text { Ink} \ , i+\overline\theta , 
$$ the compatibility conditions of classical theory being given by 
$\ text { Ink } \ , \overline\ varepsilon=0$ . The incompatible deformation fields 
arising in thermal and magnetic fields are then discussed. Finally we get 
discussions about structural rotations, large deformations and the 
determination of the distortion of a substance with dislocations. 

The second chapter deals with the statical viewpoint. Volume and surface 
dislocations are treated. By use of the stress-function approach the energy 
of volume distributions is obtained and the particular case of two volume 
distributions is noted, giving self and mutual energies. Expanding the 
method of obtaining general solutions of classical elasticity theory (with 
anisotropy) the displacement fields for line and surface distributions are 
obtained. It is shown that a field arising from dislocations can be 



"considered, similar to the magnetic field, as due to either line 
distributions or surface distributions of dislocations. The case of 
singular dislocations is then discussed and from classical elasticity 
theory self and mutual energies are obtained, noting their analogy to self 
and mutual inductances. Finally, stress fields due to dislocations are 
treated. By use of the principle of virtual displacement the formula of 
Peach and Koehler $d\overline K==d\overline Lx\sp 

{ \overline\sigma } \cdot \overline b$ is obtained, $d\overline K$ being force, 
$d\overline L$ displacement, $x\sp { \overline\sigma } $ stress and $\overline 
b$ Burger's vector. This is applied to obtain stress and displacement 
fields due to different types of multiple force and displacement 
singularities. Analogies with the electro-magnetic field are frequently 
:y/L ed . 

W.--' :,Men geL the discussion on dislocations in crystals. The basic 
.■.■r..:epLS in the order of magnitude of infinitesimals involved in the 
[na uhema ticai treatment of the microscopic region and of the passage to the 
macroscopic are discussed. Starting with Frank's definition of dislocation 
in crystals, displacements, distortion and deformation in the microscopic 
are explained leading to $\delta\sb 

{ \text { Rot } \, \overline\beta=\overline\alpha } $ as before, showing the 
existence of elastic distortion in presence of dislocations. With this the 
author passes to the macroscopic region and establishes relevant equations. 
Then the relations between the grain-boundary orientations and dislocation 
arrangements are discussed. The resulting relations giving the type and 
density of dislocations which give stresses or no stresses are deduced. 
Dislocation types in cubic face-centred crystals are then discussed. 
Finally Peierl's and Eshelby's treatments of edge and screw dislocations 
for primitive cubic crystals, and Liebfried and Dietze's treatment for face 
centred cubic crystals is given in detail. 

The fourth chapter deals with the non-Riemannian geometry of 
dislocations. Kundo ' s and Bilby-Bullough-Smith ' s (B.B.S.) theories are 
first discussed. ' 

Defining the Cartan's torsion tensor $(\Gamma\sp \kappa{}\sb 
{ [\lambda\mu] } ) $, Riemann-Christof f el curvature tensor $ (R\sp \kappa{}\sb 
{ \lambda\mu\nu } ) $ and Euler-Schouten ' s curvature tensor $(H\sb {ij){}\sp 
\Lambda)$, it is shown that the dislocation density can be related to 
torsion as $\alpha\sp { \lambda\ kappa } =\varepsilon\sp 
{ \ lambda\mu\nu } \Gamma\sp \kappa{}\sb {[\mu\nu]}$. Then Kundo ' s 
classification of lattice flaws as (i) those with incompatible metric with 
non - va nishing curvature in natural state {points of curvature flaw) (ii) 
i ron - P i. erna nnian lattice defects with non-vanishing torsion in natural state 
[pijiwis of torsion flaws) (iii) Lattice flaws with non- vanishing 

!, er-Schou t en ' s curvature, and the agreement with the ideas in the book is 
Lhen noted. The B.B.S. theory is then given. Starting with the geometry of 
deformation of lattices relations between the geometric quantities and 
local and true Burger's vector (identical only for small deformation), 
torsion tensor and dislocation density and curvature tensor and 
stress-free state are discussed. The relation between Nye's curvature 
tensor and torsion in non-Riemannian geometry is then explained. The 
chapter closes with a discussion of how Kundo ' s and B.B.S. 's theories 
pertain to the macroscopic and microscopic regions, respectively, how a new 
theory of plasticity can be built up from non-Riemannian geometry and the 
relations between the virtual (Kundo' s), real and local densities of 
dislocations . 

In the last chapter we have some applications. 

The first one is the interesting but difficult problem of work-hardening 
of metals. Here we get an outline of the case of cubic face centred metals. 
The stress-strain curve is divided into 3 parts. 

The small amount of hardening in the first region is easily explained. 
For the second region where hardening coefficient is large , it is 
explained on the basis of the occurrence of Lomer-Cotterell dislocations 
when a Frank-Read source of dislocation meets another on a different 
slip-plane. The case of small coefficient in the last region, it is noted, 
is still not solved satisfactorily. The explanation of 'active energy' is 
given, and a method to calculate it. 

The next application is to the approximate calculation of self-energy of 
■ ■ ;.; t: v i 1 i nea r dislocations. 

Thior: i.he notion of interstitial or foreign atoms acting as dipoles and 



, 'polarisation centres is explained. Interactions of these and other 
lattice faults with dislocations are treated mathematically. 
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.SPECIFICATION of achieving this solution is described below in greater 
detail . 

To produce small ai)) and bi ) ) , it is possible to make use of the L3)- 
lattice basis reduction algorithm (HAG p. 118), which would directly 
result in short basis vectors. However, in this preferred embodiment 
the simple extended Euclidean algorithm is employed on the pair (n, 
(lambda)). The extended Euclidean algorithm on (n, (lambda... 
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. :'r,C I FTCATION present invention wherein non-periodic graduations are 
I'sed as a reference scale. 

Figure .11 is a schematic and diagrammatic view showing the structure of 
an encoder wherein an asyitunetric -shape reference scale is used as a 
reference scale. 

Figure 12 is a waveform view showing signals which are obtainable in 
the explanatory embodiment of Figure 11. 

Figures 13A and 13B are schematic views showing a. plane (1,1,1) of a 
face-centered cubic lattice , which is a specific explanatory example of 
an asymmetric reference scale, wherein Figure 13A is a top plan view and 
Figure 13B is a sectional... 
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.SPECIFICATION Examples of such organic bases include optionally 
substituted bases selected from piperidine, pyridine, piperazine, 
benzylamine, imidazole, pyrimidine and phenylethylamine . 

One preferred class of organic nitrogenous bases are compounds which 
possess large secondary molecular susceptibilities and as a result can 
'o:-:hibiL SHG responses of large magnitude at certain molecular alignments 
•wiuhin a crystal lattice . These compounds, which preferably have 
secondary molecular susceptibilities (beta-values) greater than 1 x 10( 
sup(-30) esu, more preferably greater than 10 x 10... 
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I Fi CATION bauds). Note that a fundamental region of the time-zero 
. r ' ]<yt i<Z4) will contain exactly 22x6.5 + 1) points from any coset of the 
lattice 2-3)Z4); i.e., (vertical bar ) 2-3 ) Z4 ) /RZ4 ) (vertical 

baL ; -214 ) . 

A small buffer 130 is filled with bits received from the DTE at the 
rate of 6.5 bits per (2D) signaling interval. In successive bauds, a 
scrambler 132 alternates in taking 7 or 6 bits from this buffer. The 
scrambled bits are delivered to a binary encoder in groups of 13 so... 
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.SPECIFICATION an example wherein non-periodic graduations are used as a 
reference scale. 

Figure 11 is a schematic and diagrammatic view showing the structure 
of an encoder wherein an asymmetric -shape reference scale is used as 
a reference scale. 

Figure 12 is a waveform view showing signals which are obtainable in 
the embodiment of Figure 11. 

Figures 13A and 13B are schematic views showing a plane (1,1,1) of a 
face-centered cubic lattice , which is a specific example of an 
asymmetric reference scale, wherein Figure 13A is a top plan view and 
Figure 13B is a sectional view. . . 

.SPECIFICATION an example wherein non-periodic graduations are used as a 
reference scale. 

Figure 11 is a schematic and diagrammatic view showing the structure of 
an encoder wherein an asymmetric -shape reference scale is used as a 
reference scale. 

Figure 12 is a waveform view showing signals which are obtainable in 
the embodiment of Figure 11. 

Figures 13A and 13B are schematic views showing a plane (1,1,1) of a 
face-centered cubic lattice , which is a specific example of an 
asymmetric reference scale, wherein Figure 13A is a top plan view and 
Figure 13B is a sectional view... 
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.SPECIFICATION It can also be constructed in a number of well known ways, 
buL preferably consists of variable coils and/or capacitors in a ladder 
or lattice network, in a manner well known in the art. Thus, both 
amplitude and phase can be adjusted by the user of the descrambler during 
a period prior to the occurrence of the event or programme, A test 
pattern is transmitted with a one or two colour constant signal 
scrambled with a fixed, switch pattern in each frame. The amplitude is 
adjusted with the attenuator adjustment 92 to eliminate any "Venetian 
blind" effect on the. . . 
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Fuilcext Availability: 
Detailed Description 



Detailed Description 

sequence in accordance to one embodiment of the present invention is 
exemplified in Table 9 with reference to Table 10. The use of compression 
or encryption has not been yet decided in this example. 

The code sequence can alternatively be distributed in a 2-dimensional 
qrid or in a 3dimensional lattice . 

■ i'.'CoJinq device is, according to an embodiment of the invention, 

■ '. :* ;* j-:(-'d of a decoding software program, or an algorithm for modulo 
>: r.rtujr i.c decoding. Alternatively. . . 
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English Abstract 

A method, system and apparatus for performing digital signatures and user 
identification. The signer's private key is a short generating basis 
for an NTRU lattice and his public key is a much longer generating 
bais for the same lattice . The signature on a digital document is a 
vector in the lattice with three important properties. - The signature 
is attached to the digital document being signed. - The signature 
demonstrates an ability to solve a general closest vector problem in the 
lattice . - The private vector of a general NTRU lattice is first used 
to construct a complete short basis for the lattice . Therefore, 
the RE is a straightforward linkage between the signature and the 
closest vector problem in the underlying NTRU lattice . 

Detailed Description 

. . . X = b for every value of b in S. 

Another type of user identification technique relies on the difficulty of 
iTinding close vectors in a lattice . An identification technique of this 
iiype is described in Goldreich, S. Goldwasser, and S. Halevi, Public-key 
r r;ypuography from lattice reduction problems, Proceedings of CRYPTO... The 
V.'oriiier chooses a random vector (via a secure hash function) as the 
chal ienge . 

The Prover uses the good almost orthogonal basis to find a lattice 
vector that is close to the challenge vector and sends this lattice 
vector to the Verifier. The Verifier accepts the Prover as securely 
identified if the response vector is in the lattice and is sufficiently 
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: • . : : . Description 

... ripproximaiiely equivalent to RSAI 024 bits. The time for the key 
ijeneracion process averages 14 seconds. 

The commercial embodiment uses the NTRU algorithm from NTRU 
Cryptosystems , Inc. for this key generation and in turn for the payload 
encryption . It is generally accepted that the encryption strength of 
the NTRU modified lattice algorithm is approximately the same as 
existing elliptical curve or RSA asymmetric algorithms. 

However, with the inferior computing power of wireless devices 922, the 
NTRU. . . 
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... illustrative embodiments. Alternative embodiments within, the scope of 
:-.he appended claims will be readily apparent to those skilled in the art. 



NSS: An NTRU Lattice -Based Signature Scheme 
Jeffrey Hollstein, Jill Pipher, Joseph H. Silverman 

NTRU Cryptosystems, Inc., 5 Burlington Woods, Burlington, MA 01803 USA, 
jhoff@ntru.com, jpipher@nt ru . . . 

.new authentication and digital si&nature scheme called the 



of making Q larger does not continue indefinitely, and the ultimate 
result is to reduce the effective dimension of the lattice frem 2N. . . 

...less randomly distributed 

in the interval [-q/2, q/2] . This yields ll,rll Pz:: qVFN/-6 
The vector -r is also contained in the lattice L p (p )2N ED . Let L. , , 
Lm n L. be the intersection. ...other words, letting IN denote the N-hy-N 
identity matrix and H the N-by-N circulant matrix formed from the 
coefficients of the piiblic key h, the lattice L.,, is the 
intersection of the lattices generated by the rows of the fiollowing 
ma trices . 

K 0 0 0 

Lm, p qINO n pIN ( ) . 

Mt 0 1 
40 

Then L. , , has determinant ... feasible without the private key, and that it 
is not feasible to recover the private key from either a transcript of 
valid signatures or the public key . 

42 

We can, however, make a probabilistic argument for soundness under 
certain assumptions. For example, recall from Section 4.5 that the 
existence of a signed message {m, s) implies the existence of a vector in 
a lattice which (inverted exclamation mark)s a factor Of r. = 
Vr7@reg/ ( 6p2 ) times larger than the expected smallest vector. We ha-ve 
chosen p @ 3 . . . 

...based on constmined polynomials, US Patent 6,076,163, June 13, 2000. 

4. J. Hoffstein, J. Pipher, J.H. Silverman, NTRU: A new high speed 
public key cqf f Itosystem, in Algoriffimie Number Theory (ANTS 111), 
Portland, OR, June 1998, Lecture Notes in Computer Science 1423 (3. P. 
Buhler, ed. ) , Springer-Verlag , Berlin, 

1998V 267 

5. J. Hoffstein, J- Pipher, J.H. Silverman, NSS . - A Detailed Analysis of 
:hp NTRU Lattice -Based Signature Scheme, <www. ntrn. com> . 



. . HoLiscein, D. Lieman, J.H. Silverman, Polynomial Rings and Efficient 
Public Key Authentication, in Proceeding of the International 
Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99), Hong 
Kong, (M. Blum and C.H. 

Lee, eds . ) , City University of Hong Kong Piess. 
7 . 3 . Hoffstein , 3 . . . 
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. . . is from the Gorin et al. patent, shows three PE boards 1., 2 and 3 
with the port-to-port PE connections for a tree lattice structure. The 
PEs are shown not in their fixed lattice structure, but in the actual 
tree geometry for data flow, which can be created by configuring 
the PE ports. (Column 1 0, line 64-Colunm 1 1, line 9) 
U.S. Patent No. 5,513,371 issued to Cypher et al., entitled 
HIERARCHICAL INTERCONNECTION NETWORK ARCHITECTURE FOR 
3 

PARALLEL PROCESSING, HAVING INTERCONNECTIONS BETWEEN 
BIT-ADDRESSABLE NODES BASED. ON ADDRESS BIT PERMUTATIONS, 

. ;< 'S'": r i. bes cwo new. . . 
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. . . since the dynamics is local and uniforin (see N. 

Margolus, "A mechanism for efficient data access and communication in 
parallel computations on an emulated spatial lattice , " USPTO patent 
application, filed August 12, 1999). This is illustrated in Figure 1 1. 
in 'chis example, the bit-string 90 to be encrypted can be taken to be 
::he cell data for an n-dimensiona 1 CA space, with a plurality of bits 
dissociated with each cell. In the... 
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De tai led Description 

a fixed number of time steps Tf , where Tf = To -f Td and 0 < To < Tf . 

For symmetric encryption, the same rule set is used for encryption and 
decryption , whereas for non-symmetric encryption a different rule set 
is used to evolve the 3o dynamical system from time step To to time step 
T, . 



Cellular Automata (CA) are dynamical systems in which space and 
time are discrete. The cells are arranged in the form of a regular 
lattice structure and must each have a finite number of states, wherein 
uhe state of each cell is typically criven by the Boolean variable a. 

These. 



sysuem, lattice size N, and boundary conditions. 



26 A system according to claim 18, wherein said system further 
comprises decryption means for decrypting the cyphertext by further 
evolving the cyphertext in the dynamical system with a second dynamical 
rule set with preselected coefficients for Td time steps, wherein said 
data message is recovered at Tf . . . 
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. . . Hellman assumption (both the search and the decision problems, wherein 
the latter yields more efficient constructions), and the hardness of 
rinding short vectors in a lattice (the Ajtai-Dwork cryptosystem ). On 
the other hand, it seems to be highly unlikely that Oblivious Transfer 
can be based on one-way functions . 

Following are the details of,.. 
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Detailed Description 

, . . 503, In this paper we propose an approach to authenticaJ. 

tion and digital signaturoR which is different from the square of the 
dimension of the lattice . (The same is traditional approach, but. is 
perhaps better suited for true or the lattice -based crypto systems 
proposed in [1) applications involving low powered processors such as and 
[31.) In contrast, the keys used by NTRU and by smart cards and the 
authentication or certification of PASS, the authentication scheme in 
uhis paper, grow millions of micro transactions. The public keys we 
pro- only linearly with the dimension of the lattice, so they pose will 
be at least as secure from attack as RSA 1024 remain very practical even 
for lattices of dimension bebit keys. To kmsp the tratiscripts at a 
similar security tween 500 and 1000. 

level, we will require, that the transcript lengths be re- More 
generally, the reason for re-examining the use of stricted to about 500. 
(This is a very conservative esti- lattice based crypto systems has to 
do with some of the mate.) However the case and speed of key pair genera- 
apparently fundamental limitations of lattice reduction tion will make 
it easy to leverage this, by a short tree of attacks and the nature of 
the crypto systems that were validations, to millions of transactions 
ri" . cended from asuccess f u lly attacked in the past. In the most general 
;<:ri':le key. i:erms, the LLL method, or its various improvements, 
-.s iiienLi.oned above., the hard problem underlying the will find a 
: !. 6 i vel y short vector in a lattice L of dimensecurity of the public 

key in our scheme is related to Rion n in a surprisingly small amount 
of time. But one properties or short polynomials. Since short polyno- can 



.analysis of these or the probabilistic expected length of the shortest 
vecschemes carefully consider the possibility of attack by tor if L were 
a random lattice . What seema to happen is lattice reduction methods. 
Lattice reduction attacks are that a first approximation by LLL or its 
improvements the general nanic for techniques ror finding short vectors 
will find a reasonably short vector in a lattice of dimenin lattices . 
The use or lattice attacks in cryptography sion n in time which grows 
polynornially in n. Further was pioneered by Sharnir, [171, who used it to 
break the refinements of LLL will find successively shortes vectors 
original knapsack based ptiblic key cryptosystem pro- with lengths that 
are still greater than the actual or exposed by {121. In the mid 80's 
Lmistra, Lenstra and Lo- pected shortest... 

.Ultimately, LLL will always find vasz {91 introduced what hws since been 
called the LLL a vector either with the actual shortest length, or at 
lattice reduction method. This, mid further improve- any rate with 
length very close to the expected smallments on LLL by Schnorr, Eucliner 
and others [14, 15] est. However, the time required to find this vector 
seems led eventually to the breaking of all known cryptosys - to grow 
exponentially, or even super exponentially, with tems based on the 
' r C icul ty of finding small vectors in the dimension n. We can summarize 
vr. is in the following lattices . This includes the recent system 
proposed by very rough conjecture. 



Altai and Dwork [1) and by Goldreich, Goldwasser, and Conjecture I (Hard 



equivalence. In Proc. basis reduction, J. Algorithms 9 (1988), 47 29th 
ACM Symposium an Theory of Computing, [16] C.-P. Schnorr. Efficient 
identification and signatures 

1997,284 for smart cards. In G. Brassard, editor. Advances in 
I-IO 

Cryptologo - 0-Upto '89, I".ture Notes in Corn- commitment and the 
message and mapping the re 
. 4 

puter Science 435, Springer-Wrlag (1990) 239 suit... 

.g(S), g'[S), h) . on perinuteil kernels. In G. Brassard, editor, Ad- aTo 
veriry Lhat Pearl signed the message Al, Vinnic vanccs in Cryptolek9y 
Crypto '89, Lecture Notes computes c from g(S),g'{S) and M, and then 
Mses in Computer Science 435, Springer-Verlag (1990) Pearl's paablic 
key f (S) to verify that the response 
606 h was generated by someone with knowledge of the 

[191 J.H. Silverman, Dirriension-R . educed Lattices , Zero- private key 
f ) f ' , i.e., by Pearl . 
Forced Lattices 

, and the NTRU Public Key Cryptosystem , NTRU Terlinicai Note 013, 

March 2, The fundamental difference between the use of the 

1999, (vvw.ntru.com) scheme for authentication and for digital signatures 

...recover f.) In this section we will discuss and quatitify the 

ditficulty of these questions. First we will discuss an attack 

on I using the piiblic key I -f ( (0 I , , , , 

(section) 2 Forniulation of a lattice attack on the public key . This 
is approached exactly as in 131. For convenience we will remind the 
reader of the outline. We begin by constructing a lattice as follows. 
For any polynomial F E R, associate to F the vector of coefficients 
(aolail ... aN-I)- Similarly for any such vector or point ... public key 
system," Procee (lings or ANTS 111, Portland (1998), Springer-Verlag. 131 
J. 1 lofrst,cin, 1). Lictnan, J. Silverman, "Polynomial Rings and 
Efficient Public Key Autheritica-tion, " Procccdhif j Qf the 
International Workshop on Cryptographic Techniques and E-Conaricrce 
(CrypTEC '99), M. Blum and C.H. Lee, eds . , City University of Hong Kong 
Press, to -rippear. 

141 A. Nlay, Crypt malys i s of NTRU, preprint, February 1999 

[51 111. Silverman, Dimumioti -Reduced Lattices , Zero-Forced Lattices , 

and the NTRU Public Key Cryptosystern , NTRU Technical Note 013, 

March 2, 1999, (www. ntru. com) 

Appendix 1 . Timing Comparisons 

In this sect-ioti we compare digital signature and verification times for 
various crypto systems . We note thai, the PASS2 times are based on a 
preliminary non-optimized implementation by Tao Groiip, Inc. We also note 
that the extremely fast... 
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Claims 

Claim 

that a problem information data is 
easily leaked has occurred. Most of such attach methods rely 
upon a low density attack method based on the Lattice Basis 
Reduction Algorithm. A small number of the piablic key 
transmission systems of the knapsack problem so far, including 
one based on Chor-Rivest, are known to be safe against such 
attach methods. 
SUMMARY OF THE INVENTION 

it is an object of the present invention to provide a 

public key transmission system of an improved knapsack type for 
securing higher safety by increasing transmission efficiency by 
easily producing an public key and hardly extracting a... 
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' M I : t'-d Oescripcion 
... oi; cichieving this solution is described below in greater detail. 



To produce small ai and bi, it is possible to make use of the L3- 
lattice basis reduction algorithm (HAG p. 1 18), which would directly 
result in short basis vectors. However, in this preferred embodiment 
the simple extended Euclidean algorithm is employed on the pair (n, k) . 



The exuended Euclidean algorithm on {n, k. 
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. . . the process as many times as desired. The 

key might contain parameters f or the shuf f ling algorithm as 
well as for decoding. 

The encryption step might utilise for example available 
techniques such as DES or BLOWFISH. 

To f acilitate the compression it may be desirable to 
structure the number in other forms to give more patterns. 
For example one might structure the number as a 2D or 3D 
lattice , or a lattice or 
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Fulltext Availability: 
Detailed Description 

Detailed Description 

. . . may be differentiated. 

Further, the future zero-coupon rates are seen to depend on p 
which is the instant interest rate, whereas r in the lattice 
is a Ac period interest rate. However, a conversion from r to 
p is possible by means of {1.51). (1.51) provides the 
possibility of calculating a longer interest rate on the basis 
of a short -term interest rate. Let (t;T) be given by {t,t+At). 

(1.55) P(tj t+At)=A(t, t+At)e -B(t... 
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Decailed Description 

. . . supplied to the input of a descrambler 560 that decrypts the data in 



conformance to the manner in which the data was, if at all, encrypted 

'1 r fhe transmission site. 



e:aDodiment of a descrambier 560 is illustrated in FIG. 19. In the 
ii iusiiraced embodiment, the descrambier 560 may be implemented by a field 
programmable gate array. One type of field programmable gate array 
technology suitable for this use is a Lattice isp 10 1 6. 

The descrambier 560 preferably automatically synchronizes to the start 
of a DVB frame marker provided by the demodulator 555. The descrambier... 
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... to the receiver, symbols embedded in the zerotree, and we can stop at 
a particular entropy, only transmitting the most significant ones. 

5) If a lattice is used then there are ways to eliminate the codebook, 
thereby reducing image entropy. Another advantage is that if one does not 
use a codebook then one cannot scramble the image by losing or 
corrupting the codebook during transmission. {An error in the codebook 
spreads to all vectors sharing that codebook pointer, not just one vector 
in the image.) While a lattice vector quantizer is fast, it causes 
dents in images because objects near the center of a coarse Voronoi 
region round randomly based upon their truncated... 
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operations to encode or decode a message consisting of N bits. 

A fourth type of trap-door function which has been used 
to create pixblic key crypto systems is based on the knapsack^ 
or subset sum, problem. These functions use a semigroup, 
normally the semigroup of positive integers under addition. 

Many public key crypto systems of this type have been broken 
using lattice reduction techniques, so they are no longer 
considered secure systems. 

A fifth type of trap-door function which has been used to 
SUBSTITUTE SHEET (RULE 26) 

create public key cryptosystems is based on error correcting 
codes, especially Goppa codes. These cryptosystems use linear 
algebra over a finite field, generally the field with two 
elements. There are linear algebra attacks on these 
cryptosystems, so the key for a secure cryptosystem is a large 
rectangular matrix, on the order of 400,000 bits. This is too 
large for most applications. 

A sixth type of trap-door function which has been used to 

create public key cryptosystems is based on the difficulty of 

finding extremely short basis vectors in a lattice of large 

dimension N. The keys for such a system have length on the 

order of N2 bits, which is too large for many applications. In 

addition, these lattice reduction public key cryptosystems are 

very new, so their security has not yet been fully analyzed. 

Most users, therefore, would find it desirable to have a 

public key cryptosystem which combines relatively short, 
easily created keys with relatively high speed encoding and 
decoding processes. 

It is among the objects of the invention to provide... 

...modulo two numbers, p and q, while the 

decoding technique uses an unmixing system whose validity 
depends on elementary probability theory. The security of the 

public key cryptosystem hereof comes from the interaction of 
rhe polynomial mixing system with the independence of 
reduction modulo p and q. Security also relies on the 
experimentally observed fact that for most lattices , it is 
very difficult to find the shortest vector if there are a 
large number of vectors which are only moderately longer than 
the shortest... 1 having N 

ordered coefficients, some of which may be zero) , and that the 
processor will perform designated operations on coefficients.] 
The security of the public key cryptosystem hereof comes from 
the interaction of the polynomial mixing system with the 
independence of reduction modulo p and q. Security also 
relies on the experimentally observed fact that for most 

lattices , it is very difficult to find the shortest vector if 
there are a large number 

of vectors which are only moderately longer than the shortest vector. 

cryptosystem hereof fits into the general framework 
(}■■ a probabilistic cryptosystem as described in M. Blum et 



pxiblic key crypto systems , Communications of the ACM 21 (1978), 120 

11. CP. Schnorr, Block reduced lattice bases and successive minima, 
Combinatorics/ 

Probability and Computing 3 (1994), 507 

12. C.P. Schnorr, H.H. Hoerner, Attacking the Chor Rivest Mptosystem by 
improved lattice reduction. Proc. EUROCRYPT 1995, Lecture Notes in 
Co.Tiputer Science 

^i21, Springer- Ver lag , 1995, pp. 1 

\1. Q. Scinson, Cryptography : Theory and Practice, CRC Press, Boca 
Racon, 1995. 
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. . . circular dichroism 

spectrum, spectrum of anomalous dispersion of x-rays, 

individual combinative dispersion spectrum, ' gas 

electronography , oscillatory infrared, electronic or 

ultraviolet spectrum, the crystalline or lattice 

structure of the material constituting the article. 

Preferably the encoded characteristic is encrypted and 

decrypted using a public key encryption system and 
advantageously the piiblic key encryption system has a 
plurality of levels of security. 

Preferably means are also provided for encoding 
additional characterising information together with the 
representation of the physical... 

Claim 

. . . circular dichroism spectrum, spectrum of 

anomalous dispersion of x-rays, individual combinative 
dispersion spectrum, gas electronography, oscillatory 
InTrared, eleccronic or ultraviolet spectrum, the 
r- rryslia nine or lattice structure of material constituting 
■-he article. 

14 A method of authenticating articles as claimed in 
any of the preceding claims wherein the encoding is 
encrypted and decrypted using a public key encryption 



A iiiechod of authenticating articles as claimed in 
j laim I A wherein the public key encryption system has a 
plurality of levels of security. 

16 A method of authenticating articles as in any of 
the preceding claims wherein additional characterising 
information . . . 
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... of 

physical and electronic barriers. Such barriers include, 
but are not limited to 1) having 4 temperature window of 
operation; 2) interlaced power and ground lattice ; 3) 
solder bump/flip-chip technologies; 4) module tampering 
alarm circuitry; 5) SRAM destruction circuitry on 
tampering of the electronic module; 6) RSA encryption 
capabilities for bidirectional communication. Thus, the 
electronic module is extremely difficult to copy, 
counterfeit, or to decipher its communications. 



